Put bfd_section_from_shdr loop detection array in elf_tdata

The static variables used by bfd_section_from_shdr to detect loops
in ELF sections have a problem:  Comparing a BFD pointer doesn't
guarantee that the current bfd is the same as the one previously used
to allocate the sections_being_created array.  For example, doing
   size bad_elf_1 bad_elf_2
with two corrupted ELF files containing section loops will leave the
section_being_created array allocated for the first file and since
bfd_close is called for bad_elf_1 before bfd_elf_2 is opened, it is
possible that the BFD for the second file is allocated in the same
memory as the first file.  If bad_elf_2 has more sections than
bad_elf_1 then we might write beyond the end of the array.

So this patch implements the FIXME Nick put in a comment about
attaching the array to the BFD.

	* elf-bfd.h (struct elf_obj_tdata): Add being_created.
	* elf.c (bfd_section_from_shdr): Delete static vars for loop
	detection.  Use new tdata variable instead.
	* elfcode.h (elf_object_p): Allocate being_created.

1 files changed, 1 insertions, 0 deletions

diff --git a/bfd/elf-bfd.h b/bfd/elf-bfd.h
index e9c890f..53b5ffc 100644
--- a/bfd/elf-bfd.h
+++ b/bfd/elf-bfd.h
@@ -1942,6 +1942,7 @@ struct elf_obj_tdata
   bfd_vma gp;				/* The gp value */
   unsigned int gp_size;			/* The gp size */
   unsigned int num_elf_sections;	/* elf_sect_ptr size */
+  unsigned char *being_created;
 
   /* A mapping from external symbols to entries in the linker hash
      table, used when linking.  This is indexed by the symbol index