JusticeRage / Manalyze

A static analyzer for PE executables.

Use of potentially uninitialized FILE pointer in PE::get_raw_bytes()

rc0r opened this issue

Hi,

I came across just another minor issue. Consider the following:

int main(int argc, char *argv[]) {
  // check argc == 2
  mana::PE pe(argv[1]);
  pe.get_raw_bytes(-1);
  return 0;
}

In case argv[1] is set to a nonexistent file this will segfault during fseek() called from PE::get_raw_bytes() since PE::_file_handle is not initialized and doesn't point to a proper FILE object.
Since all the other methods of the PE class that operate on _file_handle have a nullptr check I assumed such a check wasn't intentionally omitted.

Cheers
rc0r
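The guard described in the report above, as an added example that is not part of the original issue or of Manalyze's code. `RawFile`, `is_open()` and the `shared_ptr` return type are hypothetical; only the `_file_handle` name and the `get_raw_bytes(-1)` call shape are taken from the report.

```cpp
#include <cstddef>
#include <cstdio>
#include <memory>
#include <vector>

// Hypothetical stand-in for a file-backed parser class (not Manalyze's PE class).
class RawFile {
public:
    // fopen() yields nullptr for a nonexistent path, so the handle may be null.
    explicit RawFile(const char* path) : _file_handle(std::fopen(path, "rb")) {}
    ~RawFile() { if (_file_handle != nullptr) std::fclose(_file_handle); }
    RawFile(const RawFile&) = delete;
    RawFile& operator=(const RawFile&) = delete;

    bool is_open() const { return _file_handle != nullptr; }

    // Returns up to `size` bytes from the start of the file, or nullptr on
    // failure. A caller passing -1 gets SIZE_MAX, i.e. the whole file.
    std::shared_ptr<std::vector<unsigned char>> get_raw_bytes(std::size_t size) const {
        // The check the report asks for: calling fseek() on a null handle is
        // undefined behaviour and typically crashes.
        if (_file_handle == nullptr) return nullptr;
        if (std::fseek(_file_handle, 0, SEEK_END) != 0) return nullptr;
        long end = std::ftell(_file_handle);
        if (end < 0 || std::fseek(_file_handle, 0, SEEK_SET) != 0) return nullptr;
        std::size_t want = static_cast<std::size_t>(end);
        if (size < want) want = size;
        auto out = std::make_shared<std::vector<unsigned char>>(want);
        if (want > 0 && std::fread(out->data(), 1, want, _file_handle) != want) return nullptr;
        return out;
    }

private:
    std::FILE* _file_handle;
};

int main(int argc, char* argv[]) {
    // Constructed default path that is assumed not to exist.
    const char* path = (argc == 2) ? argv[1] : "does-not-exist.bin";
    RawFile file(path);
    auto bytes = file.get_raw_bytes(static_cast<std::size_t>(-1));
    if (!bytes) {
        std::fprintf(stderr, "cannot read %s\n", path);
        return 1;
    }
    std::printf("%zu bytes read\n", bytes->size());
    return 0;
}
```
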

You're right that this was an omission on my part. Thanks for taking the time to provide a fix!