From 4f3ca05b487e9755018b4c9a053a2e6c35d8a7df Mon Sep 17 00:00:00 2001 From: Nick Clifton Date: Tue, 6 Dec 2016 16:53:57 +0000 Subject: Fix seg-fault in strip when copying a corrupt binary. PR binutils/20931 * elf.c (copy_special_section_fields): Check for an invalid sh_link field before attempting to follow it. --- bfd/ChangeLog | 4 ++++ bfd/elf.c | 10 ++++++++++ 2 files changed, 14 insertions(+) (limited to 'bfd') diff --git a/bfd/ChangeLog b/bfd/ChangeLog index fb3f3f4..26fb42b 100644 --- a/bfd/ChangeLog +++ b/bfd/ChangeLog @@ -1,5 +1,9 @@ 2016-12-06 Nick Clifton + PR binutils/20931 + * elf.c (copy_special_section_fields): Check for an invalid + sh_link field before attempting to follow it. + PR binutils/20929 * aoutx.h (squirt_out_relocs): Check for relocs without an associated symbol. diff --git a/bfd/elf.c b/bfd/elf.c index 5cfee9c..678c043 100644 --- a/bfd/elf.c +++ b/bfd/elf.c @@ -1346,6 +1346,16 @@ copy_special_section_fields (const bfd *ibfd, in the input bfd. */ if (iheader->sh_link != SHN_UNDEF) { + /* See PR 20931 for a reproducer. */ + if (iheader->sh_link >= elf_numsections (ibfd)) + { + (* _bfd_error_handler) + /* xgettext:c-format */ + (_("%B: Invalid sh_link field (%d) in section number %d"), + ibfd, iheader->sh_link, secnum); + return FALSE; + } + sh_link = find_link (obfd, iheaders[iheader->sh_link], iheader->sh_link); if (sh_link != SHN_UNDEF) { -- cgit v1.1
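Review bot: The diagnostic in the new guard prints `iheader->sh_link` with `%d`, but the values this check rejects come from a corrupt input file and sh_link is an unsigned section index, so a large value would be reported as a negative number. Using `%u` would show the value actually read from the header: `(_("%B: Invalid sh_link field (%u) in section number %d"),` (and `%u` for secnum as well if it is unsigned; its declaration is outside the hunk). The added comment only points at the PR; it would help the next reader to state the invariant, e.g. `/* sh_link is read from the input file and is used to index iheaders[]; reject out-of-range values. See PR 20931. */`. The body of copy_special_section_fields continues beyond this hunk, so whether other file-supplied fields are used to index iheaders further down cannot be judged from here and is worth checking alongside this change.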