admin/awesome_anti_virus_engine
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Enhance PE file Rich header detection with null and boundary checks

Browse Source 
- Added null pointer and boundary checks in ExtractFeatures method
- Prevent potential buffer overread when searching for Rich header signature
- Improve robustness of feature extraction for PE file analysis
This commit is contained in:
Huoji's
2025-03-09 03:25:29 +08:00
parent defe59ffe8
commit 2fed2d5bae
1 changed files with 6 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
ai_anti_malware/ml.cpp
View File

@@ -289,10 +289,12 @@ std::vector<double> MachineLearning::ExtractFeatures(const uint8_t* buffer,
const uint32_t* richPtr = reinterpret_cast<const uint32_t*>( const uint32_t* richPtr = reinterpret_cast<const uint32_t*>(
peBuffer + sizeof(IMAGE_DOS_HEADER)); peBuffer + sizeof(IMAGE_DOS_HEADER));
size_t maxLen = dosHeader->e_lfanew - sizeof(IMAGE_DOS_HEADER); size_t maxLen = dosHeader->e_lfanew - sizeof(IMAGE_DOS_HEADER);
for (size_t i = 0; i < maxLen / 4 - 1; i++) { if (maxLen > 0 && richPtr != nullptr) {
if (richPtr[i] == 0x68636952) { // "Rich" for (size_t i = 0; i < maxLen / 4 - 1; i++) {
peInfo.hasRich = true; if (richPtr[i] == 0x68636952) { // "Rich"
break; peInfo.hasRich = true;
break;
}
} }
} }
} }