Fix illegal memory access when bfd_get_section_contents is called with a NULL section pointer.

  PR 31843

1 files changed, 34 insertions, 10 deletions

diff --git a/bfd/section.c b/bfd/section.c
index 778a6f7..81def03 100644
--- a/bfd/section.c
+++ b/bfd/section.c
@@ -1565,24 +1565,36 @@ bfd_get_section_contents (bfd *abfd,
 {
   bfd_size_type sz;
 
-  if (section->flags & SEC_CONSTRUCTOR)
+  if (count == 0)
+    /* Don't bother.  */
+    return true;
+
+  if (section == NULL)
     {
-      memset (location, 0, (size_t) count);
-      return true;
+      bfd_set_error (bfd_error_bad_value);
+      return false;
     }
 
-  sz = bfd_get_section_limit_octets (abfd, section);
-  if ((bfd_size_type) offset > sz
-      || count > sz - offset
-      || count != (size_t) count)
+  if (location == NULL)
     {
+      if (section->mmapped_p)
+	{
+	  /* Pass this request straight on to the target's function.
+	     All of the code below assumes that location != NULL.
+	     FIXME: Should we still check that count is sane ?  */
+	  return BFD_SEND (abfd, _bfd_get_section_contents,
+			   (abfd, section, location, offset, count));
+	}
+
       bfd_set_error (bfd_error_bad_value);
       return false;
     }
 
-  if (count == 0)
-    /* Don't bother.  */
-    return true;
+  if (section->flags & SEC_CONSTRUCTOR)
+    {
+      memset (location, 0, (size_t) count);
+      return true;
+    }
 
   if ((section->flags & SEC_HAS_CONTENTS) == 0)
     {
@@ -1590,6 +1602,18 @@ bfd_get_section_contents (bfd *abfd,
       return true;
     }
 
+  if (abfd == NULL)
+    return false;
+
+  sz = bfd_get_section_limit_octets (abfd, section);
+  if ((bfd_size_type) offset > sz
+      || count > sz - offset
+      || count != (size_t) count)
+    {
+      bfd_set_error (bfd_error_bad_value);
+      return false;
+    }
+
   if ((section->flags & SEC_IN_MEMORY) != 0)
     {
       if (section->contents == NULL)