PEReader does not throw BadImageFormatException for some invalid PE files

[FiniteReality]

Description

Creating a PEReader for an invalid file type, such as an ELF can sometimes lead to a situation where the PEReader thinks the file is valid and it will return garbage data, causing errors to occur downstream.

Attached is a zipfile containing an ELF which reproduces the issue, trimmed using dd to reduce its filesize while still reproducing the issue.

Here's the code I'm running:

using System.Reflection.PortableExecutable;

var reader = new PEReader(File.OpenRead("path/to/invalid.so"));

Console.WriteLine(reader.HasMetadata);

Running the same code on a different ELF file throws a BadImageFormatException, as expected.

Configuration

.NET SDK/Runtime info

$ dotnet --info
.NET SDK (reflecting any global.json):
 Version:   5.0.102
 Commit:    71365b4d42

Runtime Environment:
 OS Name:     debian
 OS Version:  
 OS Platform: Linux
 RID:         debian-x64
 Base Path:   /usr/share/dotnet/sdk/5.0.102/

Host (useful for support):
  Version: 5.0.2
  Commit:  cb5f173b96

.NET SDKs installed:
  3.1.405 [/usr/share/dotnet/sdk]
  5.0.102 [/usr/share/dotnet/sdk]

.NET runtimes installed:
  Microsoft.AspNetCore.App 3.1.11 [/usr/share/dotnet/shared/Microsoft.AspNetCore.App]
  Microsoft.AspNetCore.App 5.0.2 [/usr/share/dotnet/shared/Microsoft.AspNetCore.App]
  Microsoft.NETCore.App 3.1.11 [/usr/share/dotnet/shared/Microsoft.NETCore.App]
  Microsoft.NETCore.App 5.0.2 [/usr/share/dotnet/shared/Microsoft.NETCore.App]

[dotnet-issue-labeler]

I couldn't figure out the best area label to add to this issue. If you have write-permissions please help me learn by adding exactly one area label.

[ericstj]

This is a good suggestion. Maybe we could see how the runtime or linker (or dumpbin) does it and match that algorithm here. Relevant info: https://learn.microsoft.com/en-us/windows/win32/debug/pe-format

[teo-tsirpanis]

I took a look at this. The reason reading the file did not fail, is that having failed to recognize the compatibility DOS header, the PE reader treated the file as a COFF file. COFF files however do not have a magic number in their header, and the ELF file was large enough to pass as having a COFF file header.

I don't think there is a reliable way to detect all cases of invalid files early, and this seems to be by design; PEReader reads the PE file lazily and cannot perform deep analysis firstly for performance reasons, and secondly because the file might contain data that PEReader does not know about.

@FiniteReality something you could do is adding an if (Enum.IsDefined(reader.PEHeaders.CoffHeader.Machine)) { throw new BadImageFormatException(); }. It's still not perfect but would catch your example.