error: Malformed entity: Cannot map import_address_table_rva 0x0 into offset for untfs.dll

[williballenthin]

https://www.virustotal.com/gui/file/0000bab1a3b04d3013d126e4621abfe7ec87ba0eafac01a53ac51c4db747f65a

2023-06-06 13:52:00 [ERROR]  Malformed entity: Cannot map import_address_table_rva 0x0 into offset for untfs.dll

Stack backtrace:
   0: anyhow::error::<impl core::convert::From<E> for anyhow::Error>::from
             at /home/user/.cargo/registry/src/index.crates.io-6f17d22bba15001f/anyhow-1.0.71/src/error.rs:547:25
   1: <core::result::Result<T,F> as core::ops::try_trait::FromResidual<core::result::Result<core::convert::Infallible,E>>>::from_residual
             at /rustc/ce5919fcef67103098219e1868f741e56fc90963/library/core/src/result.rs:1961:27
   2: lancelot::loader::pe::get_pe
             at ./core/src/loader/pe/mod.rs:95:14
   3: lancelot::loader::pe::load_pe
             at ./core/src/loader/pe/mod.rs:208:14
   4: lancelot::loader::pe::PE::from_bytes
             at ./core/src/loader/pe/mod.rs:60:9
   5: lancelot::workspace::workspace_from_bytes
             at ./core/src/workspace/mod.rs:394:22
   6: smoke::_main
             at ./bin/src/bin/smoke.rs:76:14
   7: smoke::main
             at ./bin/src/bin/smoke.rs:93:21
   8: core::ops::function::FnOnce::call_once
             at /rustc/ce5919fcef67103098219e1868f741e56fc90963/library/core/src/ops/function.rs:250:5
   9: std::sys_common::backtrace::__rust_begin_short_backtrace
             at /rustc/ce5919fcef67103098219e1868f741e56fc90963/library/std/src/sys_common/backtrace.rs:134:18
  10: std::rt::lang_start::{{closure}}
             at /rustc/ce5919fcef67103098219e1868f741e56fc90963/library/std/src/rt.rs:166:18
  11: core::ops::function::impls::<impl core::ops::function::FnOnce<A> for &F>::call_once
             at /rustc/ce5919fcef67103098219e1868f741e56fc90963/library/core/src/ops/function.rs:284:13
  12: std::panicking::try::do_call
             at /rustc/ce5919fcef67103098219e1868f741e56fc90963/library/std/src/panicking.rs:485:40
  13: std::panicking::try
             at /rustc/ce5919fcef67103098219e1868f741e56fc90963/library/std/src/panicking.rs:449:19
  14: std::panic::catch_unwind
             at /rustc/ce5919fcef67103098219e1868f741e56fc90963/library/std/src/panic.rs:142:14
  15: std::rt::lang_start_internal::{{closure}}
             at /rustc/ce5919fcef67103098219e1868f741e56fc90963/library/std/src/rt.rs:148:48
  16: std::panicking::try::do_call
             at /rustc/ce5919fcef67103098219e1868f741e56fc90963/library/std/src/panicking.rs:485:40
  17: std::panicking::try
             at /rustc/ce5919fcef67103098219e1868f741e56fc90963/library/std/src/panicking.rs:449:19
  18: std::panic::catch_unwind
             at /rustc/ce5919fcef67103098219e1868f741e56fc90963/library/std/src/panic.rs:142:14
  19: std::rt::lang_start_internal
             at /rustc/ce5919fcef67103098219e1868f741e56fc90963/library/std/src/rt.rs:148:20
  20: std::rt::lang_start
             at /rustc/ce5919fcef67103098219e1868f741e56fc90963/library/std/src/rt.rs:165:17
  21: main
  22: __libc_start_call_main
  23: __libc_start_main@@GLIBC_2.34
  24: _start

[williballenthin]

this is a bug in goblin:

[williballenthin]

looks like the pointer to the FT table is zero:

[williballenthin]

goblin probably should be patched here:

https://github.com/m4b/goblin/blob/9f7fb6b1d68bd28d154c9d6587c1f132ce04cf54/src/pe/import.rs#L189-L191

[williballenthin]

reported upstream here: m4b/goblin#371