diff options
author | Alan Modra <amodra@gmail.com> | 2021-12-17 15:41:59 +1030 |
---|---|---|
committer | Alan Modra <amodra@gmail.com> | 2021-12-17 16:54:56 +1030 |
commit | 27e3da31c31572fde3d6e244a68ea45fb874b038 (patch) | |
tree | c1da58b31e89c4c76632b537879882f47f010e56 /bfd | |
parent | 7ebf6ed02bde3a488bb588316e47b4df68796076 (diff) | |
download | fsf-binutils-gdb-27e3da31c31572fde3d6e244a68ea45fb874b038.zip fsf-binutils-gdb-27e3da31c31572fde3d6e244a68ea45fb874b038.tar.gz fsf-binutils-gdb-27e3da31c31572fde3d6e244a68ea45fb874b038.tar.bz2 |
asan: NULL dereference in bfd_elf_set_group_contents
* elf-bfd.h (struct output_elf_obj_tdata): Make num_section_syms
unsigned.
* elf.c (bfd_elf_set_group_contents): Bounds check sec->index
and check that entry in elf_section_syms for sec is non-NULL.
(_bfd_elf_symbol_from_bfd_symbol): Adjust.
Diffstat (limited to 'bfd')
-rw-r--r-- | bfd/elf-bfd.h | 2 | ||||
-rw-r--r-- | bfd/elf.c | 10 |
2 files changed, 6 insertions, 6 deletions
diff --git a/bfd/elf-bfd.h b/bfd/elf-bfd.h index 91bb1b2..68e830c 100644 --- a/bfd/elf-bfd.h +++ b/bfd/elf-bfd.h @@ -1914,7 +1914,7 @@ struct output_elf_obj_tdata /* Linker information. */ struct bfd_link_info *link_info; - int num_section_syms; + unsigned int num_section_syms; unsigned int shstrtab_section, strtab_section; /* Segment flags for the PT_GNU_STACK segment. */ @@ -3501,7 +3501,8 @@ bfd_elf_set_group_contents (bfd *abfd, asection *sec, void *failedptrarg) /* If called from the assembler, swap_out_syms will have set up elf_section_syms. PR 25699: A corrupt input file could contain bogus group info. */ - if (elf_section_syms (abfd) == NULL) + if (sec->index >= elf_num_section_syms (abfd) + || elf_section_syms (abfd)[sec->index] == NULL) { *failedptr = true; return; @@ -6764,15 +6765,14 @@ _bfd_elf_symbol_from_bfd_symbol (bfd *abfd, asymbol **asym_ptr_ptr) && asym_ptr->section) { asection *sec; - int indx; sec = asym_ptr->section; if (sec->owner != abfd && sec->output_section != NULL) sec = sec->output_section; if (sec->owner == abfd - && (indx = sec->index) < elf_num_section_syms (abfd) - && elf_section_syms (abfd)[indx] != NULL) - asym_ptr->udata.i = elf_section_syms (abfd)[indx]->udata.i; + && sec->index < elf_num_section_syms (abfd) + && elf_section_syms (abfd)[sec->index] != NULL) + asym_ptr->udata.i = elf_section_syms (abfd)[sec->index]->udata.i; } idx = asym_ptr->udata.i; |