diff options
| author | Nick Clifton <nickc@redhat.com> | 2017-06-21 10:36:58 +0100 |
|---|---|---|
| committer | Nick Clifton <nickc@redhat.com> | 2017-06-21 10:36:58 +0100 |
| commit | ce49701009db42a9a53e5dcf172a6a211b1025b3 (patch) | |
| tree | 48ef4d866dd7d52df3e07e71c2c3d34b3acbe160 /bfd | |
| parent | 1e29262747bed568c673b8765d214a4a16772da1 (diff) | |
| download | gdb-ce49701009db42a9a53e5dcf172a6a211b1025b3.zip gdb-ce49701009db42a9a53e5dcf172a6a211b1025b3.tar.gz gdb-ce49701009db42a9a53e5dcf172a6a211b1025b3.tar.bz2 | |
Fix seg-fault reading a corrupt ELF binary.
PR binutils/21640
* elf.c (setup_group): Zero the group section pointer list after
allocation so that loops can be caught. Check for NULL pointers
when processing a group list.
Diffstat (limited to 'bfd')
| -rw-r--r-- | bfd/ChangeLog | 7 | ||||
| -rw-r--r-- | bfd/elf.c | 14 |
2 files changed, 18 insertions, 3 deletions
diff --git a/bfd/ChangeLog b/bfd/ChangeLog index 770fdf1..9bc63e1 100644 --- a/bfd/ChangeLog +++ b/bfd/ChangeLog @@ -1,3 +1,10 @@ +2017-06-21 Nick Clifton <nickc@redhat.com> + + PR binutils/21640 + * elf.c (setup_group): Zero the group section pointer list after + allocation so that loops can be caught. Check for NULL pointers + when processing a group list. + 2017-06-19 H.J. Lu <hongjiu.lu@intel.com> PR ld/21626 @@ -613,6 +613,7 @@ setup_group (bfd *abfd, Elf_Internal_Shdr *hdr, asection *newsect) { num_group = (unsigned) -1; elf_tdata (abfd)->num_group = num_group; + elf_tdata (abfd)->group_sect_ptr = NULL; } else { @@ -625,8 +626,9 @@ setup_group (bfd *abfd, Elf_Internal_Shdr *hdr, asection *newsect) bfd_alloc2 (abfd, num_group, sizeof (Elf_Internal_Shdr *)); if (elf_tdata (abfd)->group_sect_ptr == NULL) return FALSE; - + memset (elf_tdata (abfd)->group_sect_ptr, 0, num_group * sizeof (Elf_Internal_Shdr *)); num_group = 0; + for (i = 0; i < shnum; i++) { Elf_Internal_Shdr *shdr = elf_elfsections (abfd)[i]; @@ -739,8 +741,14 @@ setup_group (bfd *abfd, Elf_Internal_Shdr *hdr, asection *newsect) for (i = 0; i < num_group; i++) { Elf_Internal_Shdr *shdr = elf_tdata (abfd)->group_sect_ptr[i]; - Elf_Internal_Group *idx = (Elf_Internal_Group *) shdr->contents; - unsigned int n_elt = shdr->sh_size / 4; + Elf_Internal_Group *idx; + unsigned int n_elt; + + if (shdr == NULL) + continue; + + idx = (Elf_Internal_Group *) shdr->contents; + n_elt = shdr->sh_size / 4; /* Look through this group's sections to see if current section is a member. */ |