New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
MZloader: some MZ header shorts are now treated as unsigned #6421
MZloader: some MZ header shorts are now treated as unsigned #6421
Conversation
I'm finding contradicting information about the types (uint16/int16) in the MZ header so I'm retracting this PR. |
After reviewing more sources I think this pull request is correct so I'm reopening it. I was puzzled as I stumbled upon a site defining cs and ss fields as int16 [1]. I tried to find some other source to back this up. Other sources use only WORD, word, USHORT, unsigned short to describe the fields [2-7]. Only mention about something else is from MS-DOS encyclopedia where checksum field is described as ones' complement [3]. Therefore I think all values (except the checksum which is not used in MZloader) should be converted to uint16 before use. [1] http://justsolve.archiveteam.org/wiki/MS-DOS_EXE |
I'm finally able to take a look at this, sorry for the delay. If i recall correctly, there are certain areas of this code that expect subtraction to occur if the signed short is negative. That means that overflow still needs to happen if we use unsigned shorts. We won't get this behavior if we start using unsigned ints. I will look at some samples i have from other people's ticket submissions to see if i can find an example. |
Ghidra/Features/Base/src/main/java/ghidra/app/util/opinion/MzLoader.java
Outdated
Show resolved
Hide resolved
Ghidra/Features/Base/src/main/java/ghidra/app/util/opinion/MzLoader.java
Outdated
Show resolved
Hide resolved
Ghidra/Features/Base/src/main/java/ghidra/app/util/opinion/MzLoader.java
Outdated
Show resolved
Hide resolved
Ghidra/Features/Base/src/main/java/ghidra/app/util/opinion/MzLoader.java
Outdated
Show resolved
Hide resolved
Thanks for the feedback. I had though the logic wrong in some of the calculations. Thanks for pointing that out. I'll check those files for future reference and test cases. I removed the faulty calculations from the PR. |
Issue: MZ header info is stored as short (signed) but the actual data is unsigned. MZ loader uses these shorts in calculations and this might lead to wrong results if the number is treated as negative number instead of unsigned.
Fix: I added Short.toUnsignedInt() to each case to ensure correct outcome.
PS. Not sure it header.e_magic() if really needs it as it should always be the same. Anyway good to be consistant.
Fix compiles with
Fedora 39 (amd64)
Gradle 7.6.4