aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNick Clifton <nickc@redhat.com>2016-05-09 17:31:07 +0100
committerNick Clifton <nickc@redhat.com>2016-05-09 17:31:07 +0100
commit315350be6598235df12a0190a5a4c21447eead36 (patch)
treeae9a90a664169c6c5a2d751226b9c2e083224442
parent9239bbd3a6bf901dba1c0170622c50c78f6d1096 (diff)
downloadgdb-315350be6598235df12a0190a5a4c21447eead36.zip
gdb-315350be6598235df12a0190a5a4c21447eead36.tar.gz
gdb-315350be6598235df12a0190a5a4c21447eead36.tar.bz2
Fix seg fault objdumping a corrupt binary with an invalid sh_link field.
PR binutils/20063 * elf.c (bfd_elf_get_elf_syms): Check for out of range sh_link field before accessing sections array. * readelf.c (get_32bit_section_headers): Warn if an out of range sh_link or sh_info field is encountered. (get_64bit_section_headers): Likewise.
-rw-r--r--bfd/ChangeLog6
-rw-r--r--bfd/elf.c16
-rw-r--r--binutils/ChangeLog7
-rw-r--r--binutils/readelf.c8
4 files changed, 32 insertions, 5 deletions
diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index d5edec4..29dad01 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,9 @@
+2016-05-09 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/20063
+ * elf.c (bfd_elf_get_elf_syms): Check for out of range sh_link
+ field before accessing sections array.
+
2016-05-09 Christophe Monat <christophe.monat@st.com>
PR ld/20030
diff --git a/bfd/elf.c b/bfd/elf.c
index 4be7d73..1592183 100644
--- a/bfd/elf.c
+++ b/bfd/elf.c
@@ -407,11 +407,17 @@ bfd_elf_get_elf_syms (bfd *ibfd,
/* Find an index section that is linked to this symtab section. */
for (entry = elf_symtab_shndx_list (ibfd); entry != NULL; entry = entry->next)
- if (sections[entry->hdr.sh_link] == symtab_hdr)
- {
- shndx_hdr = & entry->hdr;
- break;
- };
+ {
+ /* PR 20063. */
+ if (entry->hdr.sh_link >= elf_numsections (ibfd))
+ continue;
+
+ if (sections[entry->hdr.sh_link] == symtab_hdr)
+ {
+ shndx_hdr = & entry->hdr;
+ break;
+ };
+ }
if (shndx_hdr == NULL)
{
diff --git a/binutils/ChangeLog b/binutils/ChangeLog
index 12e8bb2..89ebe15 100644
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -1,3 +1,10 @@
+2016-05-09 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/20063
+ * readelf.c (get_32bit_section_headers): Warn if an out of range
+ sh_link or sh_info field is encountered.
+ (get_64bit_section_headers): Likewise.
+
2016-05-04 Senthil Kumar Selvaraj <senthil_kumar.selvaraj@atmel.com>
* testsuite/lib/binutils-common.exp (is_elf_format): Add avr-*-*.
diff --git a/binutils/readelf.c b/binutils/readelf.c
index 3d31b38..13e7751 100644
--- a/binutils/readelf.c
+++ b/binutils/readelf.c
@@ -5059,6 +5059,10 @@ get_32bit_section_headers (FILE * file, bfd_boolean probe)
internal->sh_info = BYTE_GET (shdrs[i].sh_info);
internal->sh_addralign = BYTE_GET (shdrs[i].sh_addralign);
internal->sh_entsize = BYTE_GET (shdrs[i].sh_entsize);
+ if (!probe && internal->sh_link > num)
+ warn (_("Section %u has an out of range sh_link value of %u\n"), i, internal->sh_link);
+ if (!probe && internal->sh_flags & SHF_INFO_LINK && internal->sh_info > num)
+ warn (_("Section %u has an out of range sh_info value of %u\n"), i, internal->sh_info);
}
free (shdrs);
@@ -5117,6 +5121,10 @@ get_64bit_section_headers (FILE * file, bfd_boolean probe)
internal->sh_info = BYTE_GET (shdrs[i].sh_info);
internal->sh_offset = BYTE_GET (shdrs[i].sh_offset);
internal->sh_addralign = BYTE_GET (shdrs[i].sh_addralign);
+ if (!probe && internal->sh_link > num)
+ warn (_("Section %u has an out of range sh_link value of %u\n"), i, internal->sh_link);
+ if (!probe && internal->sh_flags & SHF_INFO_LINK && internal->sh_info > num)
+ warn (_("Section %u has an out of range sh_info value of %u\n"), i, internal->sh_info);
}
free (shdrs);