Fix oobread crash in dotnet parser ##crash

author pancake <pancake@nopcode.org>

Thu, 11 Dec 2025 18:16:23 +0000 (19:16 +0100)

committer pancake <pancake@nopcode.org>

Thu, 11 Dec 2025 18:17:03 +0000 (19:17 +0100)
author pancake <pancake@nopcode.org>
Thu, 11 Dec 2025 18:16:23 +0000 (19:16 +0100)
committer pancake <pancake@nopcode.org>
Thu, 11 Dec 2025 18:17:03 +0000 (19:17 +0100)
diff --git a/libr/bin/format/pe/dotnet.c b/libr/bin/format/pe/dotnet.c

index 0667cdcba05684b07856afc7a51c877eb8fc785e..b7f78585f695d1c619783b7430c2d722b5626b0b 100644 (file)
--- a/libr/bin/format/pe/dotnet.c
+++ b/libr/bin/format/pe/dotnet.c
@@ -1570,7 +1570,7 @@ DotNetVersionInfo *dotnet_parse_version_info(const ut8 *buf, int size) {
                                                                 }
  
                                                                 // Now read Assembly table first row
-                                                               if (fits_in_pe (pe, table_offset, 4 + 2 + 2 + 2 + 2)) {
+                                                               if (table_offset >= pe->data && (size_t)(pe->data + pe->data_size - table_offset) >= (4 + 2 + 2 + 2 + 2)) {
                                                                         version_info->asm_major = r_read_le16 (table_offset + 4);
                                                                         version_info->asm_minor = r_read_le16 (table_offset + 6);
                                                                         version_info->asm_build = r_read_le16 (table_offset + 8);
author	pancake <pancake@nopcode.org>
	Thu, 11 Dec 2025 18:16:23 +0000 (19:16 +0100)
committer	pancake <pancake@nopcode.org>
	Thu, 11 Dec 2025 18:17:03 +0000 (19:17 +0100)