Fix memory access problems discovered when running some binary tools on corrupt files.

	PR binutils/18758
	* elf.c (_bfd_elf_setup_sections): Add checks for corrupt section
	group information.
	* peicode.h (pe_ILF_make_a_section): Ensure alignment of the
	used_by_bfd pointer.
	(pe_ILF_build_a_bfd): Ensure alignment of vars.data pointer.

1 files changed, 15 insertions, 2 deletions

diff --git a/bfd/elf.c b/bfd/elf.c
index 15de37b..7ae2e34 100644
--- a/bfd/elf.c
+++ b/bfd/elf.c
@@ -817,9 +817,22 @@ _bfd_elf_setup_sections (bfd *abfd)
   for (i = 0; i < num_group; i++)
     {
       Elf_Internal_Shdr *shdr = elf_tdata (abfd)->group_sect_ptr[i];
-      Elf_Internal_Group *idx = (Elf_Internal_Group *) shdr->contents;
-      unsigned int n_elt = shdr->sh_size / 4;
+      Elf_Internal_Group *idx;
+      unsigned int n_elt;
 
+      /* PR binutils/18758: Beware of corrupt binaries with invalid group data.  */
+      if (shdr == NULL || shdr->bfd_section == NULL || shdr->contents == NULL)
+	{
+	  (*_bfd_error_handler)
+	    (_("%B: section group entry number %u is corrupt"),
+	     abfd, i);
+	  result = FALSE;
+	  continue;
+	}
+
+      idx = (Elf_Internal_Group *) shdr->contents;
+      n_elt = shdr->sh_size / 4;
+      
       while (--n_elt != 0)
 	if ((++idx)->shdr->bfd_section)
 	  elf_sec_group (idx->shdr->bfd_section) = shdr->bfd_section;