diff options
author | Nick Clifton <nickc@redhat.com> | 2024-06-05 13:30:27 +0100 |
---|---|---|
committer | Nick Clifton <nickc@redhat.com> | 2024-06-05 13:30:27 +0100 |
commit | 2db414c36b4f030782c2c8a24c916c3033261af0 (patch) | |
tree | 0f5d2d65b2b1c0e51e9878c7cb8c4956b9e608d3 /bfd/section.c | |
parent | 3d7627c2d08e722774a8c7c34c154d9436177842 (diff) | |
download | binutils-2db414c36b4f030782c2c8a24c916c3033261af0.zip binutils-2db414c36b4f030782c2c8a24c916c3033261af0.tar.gz binutils-2db414c36b4f030782c2c8a24c916c3033261af0.tar.bz2 |
Fix illegal memory access when bfd_get_section_contents is called with a NULL section pointer.
PR 31843
Diffstat (limited to 'bfd/section.c')
-rw-r--r-- | bfd/section.c | 44 |
1 files changed, 34 insertions, 10 deletions
diff --git a/bfd/section.c b/bfd/section.c index 778a6f7..81def03 100644 --- a/bfd/section.c +++ b/bfd/section.c @@ -1565,24 +1565,36 @@ bfd_get_section_contents (bfd *abfd, { bfd_size_type sz; - if (section->flags & SEC_CONSTRUCTOR) + if (count == 0) + /* Don't bother. */ + return true; + + if (section == NULL) { - memset (location, 0, (size_t) count); - return true; + bfd_set_error (bfd_error_bad_value); + return false; } - sz = bfd_get_section_limit_octets (abfd, section); - if ((bfd_size_type) offset > sz - || count > sz - offset - || count != (size_t) count) + if (location == NULL) { + if (section->mmapped_p) + { + /* Pass this request straight on to the target's function. + All of the code below assumes that location != NULL. + FIXME: Should we still check that count is sane ? */ + return BFD_SEND (abfd, _bfd_get_section_contents, + (abfd, section, location, offset, count)); + } + bfd_set_error (bfd_error_bad_value); return false; } - if (count == 0) - /* Don't bother. */ - return true; + if (section->flags & SEC_CONSTRUCTOR) + { + memset (location, 0, (size_t) count); + return true; + } if ((section->flags & SEC_HAS_CONTENTS) == 0) { @@ -1590,6 +1602,18 @@ bfd_get_section_contents (bfd *abfd, return true; } + if (abfd == NULL) + return false; + + sz = bfd_get_section_limit_octets (abfd, section); + if ((bfd_size_type) offset > sz + || count > sz - offset + || count != (size_t) count) + { + bfd_set_error (bfd_error_bad_value); + return false; + } + if ((section->flags & SEC_IN_MEMORY) != 0) { if (section->contents == NULL) |