From 0c54f69295208331faab9bc5e995111a35672f9b Mon Sep 17 00:00:00 2001 From: Nick Clifton Date: Mon, 14 Aug 2017 12:09:36 +0100 Subject: Fix null pointer dereference when parsing a corrupt ELF binary. PR 21957 * elf.c (setup_group): Check for an empty or very small group section. * po/bfd.pot: Regenerate.
--- bfd/elf.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) (limited to 'bfd/elf.c')
diff --git a/bfd/elf.c b/bfd/elf.c
index d702474..2aa2337 100644
--- a/bfd/elf.c
+++ b/bfd/elf.c
@@ -742,12 +742,22 @@ setup_group (bfd *abfd, Elf_Internal_Shdr *hdr, asection *newsect)
 { Elf_Internal_Shdr *shdr = elf_tdata (abfd)->group_sect_ptr[i]; Elf_Internal_Group *idx;
- unsigned int n_elt;
+ bfd_size_type n_elt;
 if (shdr == NULL) continue; idx = (Elf_Internal_Group *) shdr->contents;
+ if (idx == NULL || shdr->sh_size < 4)
+ {
+ /* See PR 21957 for a reproducer. */
+ /* xgettext:c-format */
+ _bfd_error_handler (_("%B: group section '%A' has no contents"),
+ abfd, shdr->bfd_section);
+ elf_tdata (abfd)->group_sect_ptr[i] = NULL;
+ bfd_set_error (bfd_error_bad_value);
+ return FALSE;
+ }
 n_elt = shdr->sh_size / 4; /* Look through this group's sections to see if current
@@ -801,7 +811,7 @@ setup_group (bfd *abfd, Elf_Internal_Shdr *hdr, asection *newsect)
 if (elf_group_name (newsect) == NULL) { /* xgettext:c-format */
- _bfd_error_handler (_("%B: no group info for section %A"),
+ _bfd_error_handler (_("%B: no group info for section '%A'"),
 abfd, newsect); return FALSE; }
-- cgit v1.1
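Review bot: The new error path in the first hunk passes `shdr->bfd_section` to `%A` without checking it, and nothing visible here shows that the group section already has a BFD section when a corrupt file reaches this branch; if it can still be NULL at this point, the diagnostic itself becomes the next fault on malformed input, so a guard or a message form that does not need the section is worth confirming. The message also says "has no contents" although the branch fires for `sh_size < 4` as well, and the bare `4` appears both in the check and in `n_elt = shdr->sh_size / 4`; a comment such as `/* Reject a group section with no loaded contents or less than one 4-byte entry.  */` above the `if` would state the rule. `return FALSE` also fails the section currently being set up (`newsect`) before the loop has established that it belongs to this group, which may be intended but deserves a word in that comment. The loop in setup_group starts and ends outside the hunk.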