PE format conformance issues in rebase.exe results incompatibility with LLVM-lld

Fri Jul 18 00:36:30 GMT 2025

On Sat, 7 Jun 2025, kikairoya via Cygwin wrote:
> Dear Cygwin team,
>> I’ve found that rebase.exe makes certain assumptions that do not conform
> to the PE specification.
>> 1. Incorrect handling of COFF File Header position
> When checking the 'Characteristics' field in the COFF File Header,
> rebase.exe assumes this field is always at a fixed offset. However, the
> PE specification states that the COFF File Header is located immediately
> after the PE signature in the image file.
>> https://cygwin.com/cgit/cygwin-apps/rebase/tree/rebase.c#n1739
> At this point, the code should perform a relative seek of 18 bytes, not
> an absolute seek with SEEK_SET.
>> This causes incompatibility with DLLs linked using LLVM's lld, which
> uses a PE stub of a different size. As a result, such DLLs cannot be
> rebased.
>>> 2. Limiting file size too conservatively
> https://cygwin.com/cgit/cygwin-apps/rebase/tree/pechecksum.c#n81
>> Here, the image size is limited to 1 GiB, while the PE specification
> allows for up to 2 GiB. Large DLLs with debug information (e.g.,
> `cygLLVM*.dll`, `cygclang-cpp*.dll`, etc.) can easily exceed the 1 GiB
> limit.
>>> I hope these issues can be addressed to improve compatibility with
> LLVM-based toolchains and enhance the robustness of development
> workflows.

Would you like to make a patch for these? There may be another issue
because peflags says "checksum update failed" on a small lld-created exe
even when not modifying the binary.
>> Regards,
>> --
> Tomohiro Kashiwada (@kikairoya)
>