This is the mail archive of the binutils@sources.redhat.com mailing list for the binutils project.



Re: BFD overflows (part 2) [first patch]


On Thursday 12 May 2005 07:36 am, Mike Frysinger wrote:
> strings.024:
> Program received signal SIGSEGV, Segmentation fault.
> 0x0000000000419f37 in bfd_section_from_shdr (abfd=0x584090, shindex=20)
>     at elf.c:1751
> 1751          if (elf_elfsections (abfd)[hdr->sh_link]->sh_type != SHT_STRTAB)

Find attached a small patch against mainline, written by Tavis Ormandy
<taviso@gentoo.org>, to fix this case.
-mike
--- bfd/ChangeLog
+++ bfd/ChangeLog
@@ -1,3 +1,7 @@
+2005-05-12  Tavis Ormandy <taviso@gentoo.org>
+
+	* elf.c: Add sanity check when parsing dynamic sections.
+
 2005-05-09  Kelley Cook  <kcook@gcc.gnu.org>
 
 	* configure.in: Replace AC_COMPILE_CHECK_SIZEOF with AC_CHECK_SIZEOF.
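Review bot: The new ChangeLog entry names only the file, not the function being changed. GNU ChangeLog entries normally put the affected function in parentheses after the file name, and the backtrace quoted above places the crash in bfd_section_from_shdr, so something like `* elf.c (bfd_section_from_shdr): Add sanity check on sh_link when parsing SHT_DYNAMIC sections.` would let a reader find the change without opening the diff.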
--- bfd/elf.c
+++ bfd/elf.c
@@ -1768,6 +1768,9 @@
     case SHT_DYNAMIC:	/* Dynamic linking information.  */
       if (! _bfd_elf_make_section_from_shdr (abfd, hdr, name, shindex))
 	return FALSE;
+      if (hdr->sh_link > elf_numsections (abfd) || 
+		elf_elfsections (abfd)[hdr->sh_link] == NULL)
+	return FALSE;
       if (elf_elfsections (abfd)[hdr->sh_link]->sh_type != SHT_STRTAB)
 	{
 	  Elf_Internal_Shdr *dynsymhdr;
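Review bot: The bounds test on the first added line compares with `>`, so an sh_link equal to elf_numsections (abfd) passes it, and the second operand of the `||` then reads elf_elfsections (abfd)[hdr->sh_link] one slot past the last entry (assuming elf_numsections is the number of entries in that array, as its name suggests). Use `hdr->sh_link >= elf_numsections (abfd)` so the index is rejected before it is dereferenced. Style points on the same lines: there is trailing whitespace after `||`, and the continuation line would read better aligned under `hdr` than indented with two tabs.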
