avast · PeterMatula · Aug 25, 2021 · Jul 5, 2021 · Aug 6, 2021 · Aug 6, 2021
diff --git a/include/retdec/fileformat/types/resource_table/resource.h b/include/retdec/fileformat/types/resource_table/resource.h
@@ -84,6 +84,7 @@ class Resource
 
 		/// @name Other methods
 		/// @{
+		bool isValidOffset() const;
 		bool isLoaded() const;
 		bool hasValidName() const;
 		bool hasValidId() const;

diff --git a/include/retdec/pelib/ImageLoader.h b/include/retdec/pelib/ImageLoader.h
@@ -171,6 +171,7 @@ class ImageLoader
 
 	std::uint32_t vaToRva(std::uint64_t VirtualAddress) const;
 	std::uint32_t getFileOffsetFromRva(std::uint32_t rva) const;
+	std::uint32_t getValidOffsetFromRva(std::uint32_t rva) const;
 	std::uint32_t getRealPointerToRawData(std::size_t sectionIndex) const;
 	std::uint32_t getRealSizeOfRawData(std::size_t sectionIndex) const;
 	std::uint32_t getImageProtection(std::uint32_t characteristics) const;

diff --git a/src/cpdetect/heuristics/pe_heuristics.cpp b/src/cpdetect/heuristics/pe_heuristics.cpp
@@ -1813,7 +1813,7 @@ void PeHeuristics::getSevenZipHeuristics()
 		{
 			// See: VS_VERSIONINFO structure documentation
 			auto resource = resourceTable->getResourceWithType(16);
-			if (resource)
+			if (resource && resource->isValidOffset())
 			{
 				std::uint64_t infoL = 0;
 				auto offset =  resource->getOffset();

diff --git a/src/fileformat/file_format/pe/pe_format.cpp b/src/fileformat/file_format/pe/pe_format.cpp
@@ -1762,8 +1762,8 @@ void PeFormat::loadResources()
 					resource->setNameId(nameChild->getOffsetToName());
 				}
 
-				unsigned long long dataOffset;
-				getOffsetFromAddress(dataOffset, imageBase + lanLeaf->getOffsetToData());
+				// Check if the offset is actually within the section bounds
+				std::uint64_t dataOffset = getImageLoader().getValidOffsetFromRva(lanLeaf->getOffsetToData());
 				resource->setOffset(dataOffset);
 				resource->setSizeInFile(lanLeaf->getSize());
 				resource->setLanguage(lanChild->getName());
@@ -3627,8 +3627,8 @@ void PeFormat::scanForResourceAnomalies()
 
 		// scan for resource stretched over multiple sections
 		unsigned long long resAddr;
-		if (getAddressFromOffset(resAddr, res->getOffset()) &&
-			isObjectStretchedOverSections(resAddr, res->getSizeInFile()))
+		if (res->isValidOffset() && getAddressFromOffset(resAddr, res->getOffset()) &&
+				isObjectStretchedOverSections(resAddr, res->getSizeInFile()))
 		{
 			anomalies.emplace_back("StretchedResource", "Resource " + replaceNonprintableChars(msgName) + " is stretched over multiple sections");
 		}

diff --git a/src/fileformat/types/resource_table/resource.cpp b/src/fileformat/types/resource_table/resource.cpp
@@ -336,6 +336,17 @@ void Resource::setSublanguageId(std::size_t rId)
 	sublanguageIdIsValid = true;
 }
 
+/**
+ * @brief Checks if the offset is valid, with UINT32_MAX reserved as invalid
+ * 
+ * @return true 
+ * @return false 
+ */
+bool Resource::isValidOffset() const
+{
+	return offset != UINT32_MAX;
+}
+
 /**
  * A method which indicates whether resource is loaded.
  * @return `true` if it is, otherwise `false`.

diff --git a/src/fileinfo/file_information/file_information_types/resource_table/resource_table.cpp b/src/fileinfo/file_information/file_information_types/resource_table/resource_table.cpp
@@ -278,7 +278,7 @@ std::string ResourceTable::getResourceSublanguageIdStr(std::size_t index, std::i
 std::string ResourceTable::getResourceOffsetStr(std::size_t index, std::ios_base &(* format)(std::ios_base &)) const
 {
 	const auto *record = table ? table->getResource(index) : nullptr;
-	return record ? getNumberAsString(record->getOffset(), format) : "";
+	return record && record->isValidOffset() ? getNumberAsString(record->getOffset(), format) : "";
 }
 
 /**