diff options
| author | Alan Modra <amodra@gmail.com> | 2019-06-21 11:51:38 +0930 |
|---|---|---|
| committer | Alan Modra <amodra@gmail.com> | 2019-06-21 12:04:41 +0930 |
| commit | 890f750a3b053532a4b839a2dd6243076de12031 (patch) | |
| tree | 8624ddef090b9615f9d160f9d7cb3e1b2d3a96dc /bfd | |
| parent | 2a81e61405262fd0299a5079b29ce417a8edba0c (diff) | |
| download | gdb-890f750a3b053532a4b839a2dd6243076de12031.zip gdb-890f750a3b053532a4b839a2dd6243076de12031.tar.gz gdb-890f750a3b053532a4b839a2dd6243076de12031.tar.bz2 | |
PR24689, string table corruption
The testcase in the PR had a e_shstrndx section of type SHT_GROUP.
hdr->contents were initialized by setup_group rather than being read
from the file, thus last byte was not zero and string dereference ran
off the end of the buffer.
PR 24689
* elfcode.h (elf_object_p): Check type of e_shstrndx section.
Diffstat (limited to 'bfd')
| -rw-r--r-- | bfd/ChangeLog | 5 | ||||
| -rw-r--r-- | bfd/elfcode.h | 3 |
2 files changed, 7 insertions, 1 deletions
diff --git a/bfd/ChangeLog b/bfd/ChangeLog index f40f6ed..bc7671e 100644 --- a/bfd/ChangeLog +++ b/bfd/ChangeLog @@ -1,3 +1,8 @@ +2019-06-21 Alan Modra <amodra@gmail.com> + + PR 24689 + * elfcode.h (elf_object_p): Check type of e_shstrndx section. + 2019-06-19 Alan Modra <amodra@gmail.com> PR 24697 diff --git a/bfd/elfcode.h b/bfd/elfcode.h index a0487b0..5180f79 100644 --- a/bfd/elfcode.h +++ b/bfd/elfcode.h @@ -754,7 +754,8 @@ elf_object_p (bfd *abfd) /* A further sanity check. */ if (i_ehdrp->e_shnum != 0) { - if (i_ehdrp->e_shstrndx >= elf_numsections (abfd)) + if (i_ehdrp->e_shstrndx >= elf_numsections (abfd) + || i_shdrp[i_ehdrp->e_shstrndx].sh_type != SHT_STRTAB) { /* PR 2257: We used to just goto got_wrong_format_error here |