diff options
| author | Alan Modra <amodra@gmail.com> | 2024-10-01 07:53:55 +0930 |
|---|---|---|
| committer | Alan Modra <amodra@gmail.com> | 2024-10-01 08:04:14 +0930 |
| commit | 656f8fbaae34cb37bda5110cbc8c79c6a2aaa847 (patch) | |
| tree | 72019385bb665cedf42057ceffc78f030de0506c | |
| parent | 887ae0cf2be5cb10d68b14f16df8faf666f4e43b (diff) | |
| download | binutils-656f8fbaae34cb37bda5110cbc8c79c6a2aaa847.zip binutils-656f8fbaae34cb37bda5110cbc8c79c6a2aaa847.tar.gz binutils-656f8fbaae34cb37bda5110cbc8c79c6a2aaa847.tar.bz2 | |
segv in bfd_elf_get_str_section
Attempting to write a termination NUL to PROT_READ mmap'd memory was
a silly idea.
PR 32109
* elf.c (bfd_elf_get_str_section): Don't write terminating NUL
if missing.
* libbfd.c (_bfd_munmap_readonly_temporary): Correct comment.
| -rw-r--r-- | bfd/elf.c | 3 | ||||
| -rw-r--r-- | bfd/libbfd.c | 2 |
2 files changed, 3 insertions, 2 deletions
@@ -301,7 +301,8 @@ bfd_elf_get_str_section (bfd *abfd, unsigned int shindex) _bfd_error_handler /* xgettext:c-format */ (_("%pB: string table [%u] is corrupt"), abfd, shindex); - shstrtab[shstrtabsize - 1] = 0; + shstrtab = NULL; + i_shdrp[shindex]->sh_size = 0; } i_shdrp[shindex]->contents = shstrtab; } diff --git a/bfd/libbfd.c b/bfd/libbfd.c index 5386847..4da842e 100644 --- a/bfd/libbfd.c +++ b/bfd/libbfd.c @@ -1126,7 +1126,7 @@ _bfd_munmap_readonly_temporary (void *ptr, size_t rsize) { /* NB: Since _bfd_munmap_readonly_temporary is called like free, PTR may be NULL. Otherwise, PTR and RSIZE must be valid. If RSIZE is - 0, _bfd_malloc_and_read is called. */ + 0, free is called. */ if (ptr == NULL) return; if (rsize != 0) |