
[binutils-gdb] Fix seg-fault reading a corrupt ELF binary.


https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ce49701009db42a9a53e5dcf172a6a211b1025b3

commit ce49701009db42a9a53e5dcf172a6a211b1025b3
Author: Nick Clifton <nickc@redhat.com>
Date:   Wed Jun 21 10:36:58 2017 +0100

    Fix seg-fault reading a corrupt ELF binary.
    
    	PR binutils/21640
    	* elf.c (setup_group): Zero the group section pointer list after
    	allocation so that loops can be caught.  Check for NULL pointers
    	when processing a group list.

Diff:
---
 bfd/ChangeLog |  7 +++++++
 bfd/elf.c     | 14 +++++++++++---
 2 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 770fdf1..9bc63e1 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,10 @@
+2017-06-21  Nick Clifton  <nickc@redhat.com>
+
+	PR binutils/21640
+	* elf.c (setup_group): Zero the group section pointer list after
+	allocation so that loops can be caught.  Check for NULL pointers
+	when processing a group list.
+
 2017-06-19  H.J. Lu  <hongjiu.lu@intel.com>
 
 	PR ld/21626
diff --git a/bfd/elf.c b/bfd/elf.c
index fb106e9..5f37e7f 100644
--- a/bfd/elf.c
+++ b/bfd/elf.c
@@ -613,6 +613,7 @@ setup_group (bfd *abfd, Elf_Internal_Shdr *hdr, asection *newsect)
 	{
 	  num_group = (unsigned) -1;
 	  elf_tdata (abfd)->num_group = num_group;
+	  elf_tdata (abfd)->group_sect_ptr = NULL;
 	}
       else
 	{
@@ -625,8 +626,9 @@ setup_group (bfd *abfd, Elf_Internal_Shdr *hdr, asection *newsect)
               bfd_alloc2 (abfd, num_group, sizeof (Elf_Internal_Shdr *));
 	  if (elf_tdata (abfd)->group_sect_ptr == NULL)
 	    return FALSE;
-
+	  memset (elf_tdata (abfd)->group_sect_ptr, 0, num_group * sizeof (Elf_Internal_Shdr *));
 	  num_group = 0;
+
 	  for (i = 0; i < shnum; i++)
 	    {
 	      Elf_Internal_Shdr *shdr = elf_elfsections (abfd)[i];
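Review bot: The added memset after the NULL check repeats, as a hand-written product, the element count and size that bfd_alloc2 receives as two separate arguments, and the line runs well past 80 columns. If bfd_zalloc2 is available in this tree, using it in place of bfd_alloc2 would zero the array in the same call and keep the size arithmetic inside the allocator. Otherwise, wrap the memset call and add a comment such as `/* Zero the list so that slots never filled in read as NULL.  */`, since the later NULL check depends on it. The assignment statement and the enclosing function both begin outside this hunk.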
@@ -739,8 +741,14 @@ setup_group (bfd *abfd, Elf_Internal_Shdr *hdr, asection *newsect)
       for (i = 0; i < num_group; i++)
 	{
 	  Elf_Internal_Shdr *shdr = elf_tdata (abfd)->group_sect_ptr[i];
-	  Elf_Internal_Group *idx = (Elf_Internal_Group *) shdr->contents;
-	  unsigned int n_elt = shdr->sh_size / 4;
+	  Elf_Internal_Group *idx;
+	  unsigned int n_elt;
+
+	  if (shdr == NULL)
+	    continue;
+
+	  idx = (Elf_Internal_Group *) shdr->contents;
+	  n_elt = shdr->sh_size / 4;
 
 	  /* Look through this group's sections to see if current
 	     section is a member.  */
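Review bot: The new guard skips a NULL `shdr`, but `shdr->contents` is still taken as `idx` unchecked and `n_elt` is computed from `sh_size / 4` with no lower bound. If the loading pass earlier in setup_group (not visible here) can leave a recorded group with NULL contents or a size below 4 bytes for a corrupt file, the member walk that follows would read through a bad pointer or start from a zero count. Consider `if (shdr == NULL || shdr->contents == NULL || shdr->sh_size < 4) continue;`. A short comment would also help, e.g. `/* Slots left NULL belong to group sections that could not be loaded.  */`, if that is indeed where they come from. The loop body continues past the end of the hunk.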

