aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNick Clifton <nickc@redhat.com>2016-12-06 16:53:57 +0000
committerNick Clifton <nickc@redhat.com>2016-12-06 16:53:57 +0000
commit4f3ca05b487e9755018b4c9a053a2e6c35d8a7df (patch)
treee959ef5fd42c27c1269f2fd67ed6069f546a856c
parent8b929e420a810afe23d5ba57a98109c74d1d5816 (diff)
downloadgdb-4f3ca05b487e9755018b4c9a053a2e6c35d8a7df.zip
gdb-4f3ca05b487e9755018b4c9a053a2e6c35d8a7df.tar.gz
gdb-4f3ca05b487e9755018b4c9a053a2e6c35d8a7df.tar.bz2
Fix seg-fault in strip when copying a corrupt binary.
PR binutils/20931 * elf.c (copy_special_section_fields): Check for an invalid sh_link field before attempting to follow it.
-rw-r--r--bfd/ChangeLog4
-rw-r--r--bfd/elf.c10
2 files changed, 14 insertions, 0 deletions
diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index fb3f3f4..26fb42b 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,5 +1,9 @@
2016-12-06 Nick Clifton <nickc@redhat.com>
+ PR binutils/20931
+ * elf.c (copy_special_section_fields): Check for an invalid
+ sh_link field before attempting to follow it.
+
PR binutils/20929
* aoutx.h (squirt_out_relocs): Check for relocs without an
associated symbol.
diff --git a/bfd/elf.c b/bfd/elf.c
index 5cfee9c..678c043 100644
--- a/bfd/elf.c
+++ b/bfd/elf.c
@@ -1346,6 +1346,16 @@ copy_special_section_fields (const bfd *ibfd,
in the input bfd. */
if (iheader->sh_link != SHN_UNDEF)
{
+ /* See PR 20931 for a reproducer. */
+ if (iheader->sh_link >= elf_numsections (ibfd))
+ {
+ (* _bfd_error_handler)
+ /* xgettext:c-format */
+ (_("%B: Invalid sh_link field (%d) in section number %d"),
+ ibfd, iheader->sh_link, secnum);
+ return FALSE;
+ }
+
sh_link = find_link (obfd, iheaders[iheader->sh_link], iheader->sh_link);
if (sh_link != SHN_UNDEF)
{