]> git.ipfire.org Git - thirdparty/systemd.git/commit
pe-binary: fix missing le16toh() on NumberOfSections in pe_hash/uki_hash
authorOblivionsage <cookieandcream560@gmail.com>
Tue, 17 Feb 2026 18:39:05 +0000 (19:39 +0100)
committerYu Watanabe <watanabe.yu+github@gmail.com>
Tue, 17 Feb 2026 23:25:54 +0000 (08:25 +0900)
commit02cab70acf5ca67e838d0d34860baacbf9fc3b6c
treeb1fdb0c4096ff14f931bbbeabbfdd552d447ec32
parenta3af68b84dd21e5cbe1f1ca3f98465efb2a17b79
pe-binary: fix missing le16toh() on NumberOfSections in pe_hash/uki_hash

pe_hash() and uki_hash() pass pe_header->pe.NumberOfSections directly
to typesafe_qsort() and FOREACH_ARRAY() without le16toh(). On
big-endian (s390x), NumberOfSections=3 gets read as 0x0300 (768),
while pe_load_sections() correctly converts it and only allocates 3
sections. This makes qsort process 768 elements on a 3-element
buffer, causing a heap-buffer-overflow (confirmed with ASAN on
native s390x).

Wrap all three raw usages with le16toh() to match pe_load_sections().
src/shared/pe-binary.c