This is the mail archive of the binutils@sources.redhat.com mailing list for the binutils project.
Re: BFD overflows (part 2) [first patch]
- From: Mike Frysinger <vapier at gentoo dot org>
- To: binutils at sources dot redhat dot com
- Date: Thu, 12 May 2005 12:17:22 -0400
- Subject: Re: BFD overflows (part 2) [first patch]
- References: <200505120736.35805.vapier@gentoo.org>
On Thursday 12 May 2005 07:36 am, Mike Frysinger wrote:
> strings.024:
> Program received signal SIGSEGV, Segmentation fault.
> 0x0000000000419f37 in bfd_section_from_shdr (abfd=0x584090, shindex=20)
> at elf.c:1751
> 1751 if (elf_elfsections (abfd)[hdr->sh_link]->sh_type !=
> SHT_STRTAB)
find attached a small patch against mainline written by Tavis Ormandy
<taviso@gentoo.org> to fix this case
-mike
--- bfd/ChangeLog
+++ bfd/ChangeLog
@@ -1,3 +1,7 @@
+2005-05-12 Tavis Ormandy <taviso@gentoo.org>
+
+ * elf.c: Add sanity check when parsing dynamic sections.
+
2005-05-09 Kelley Cook <kcook@gcc.gnu.org>
* configure.in: Replace AC_COMPILE_CHECK_SIZEOF with AC_CHECK_SIZEOF.
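Review bot: The new ChangeLog entry "* elf.c: Add sanity check when parsing dynamic sections." does not name the function being changed. The quoted backtrace puts the crash in bfd_section_from_shdr, so the entry would be easier to locate later as "* elf.c (bfd_section_from_shdr): ...", and it could say what is checked (sh_link against the number of sections).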
--- bfd/elf.c
+++ bfd/elf.c
@@ -1768,6 +1768,9 @@
case SHT_DYNAMIC: /* Dynamic linking information. */
if (! _bfd_elf_make_section_from_shdr (abfd, hdr, name, shindex))
return FALSE;
+ if (hdr->sh_link > elf_numsections (abfd) ||
+ elf_elfsections (abfd)[hdr->sh_link] == NULL)
+ return FALSE;
if (elf_elfsections (abfd)[hdr->sh_link]->sh_type != SHT_STRTAB)
{
Elf_Internal_Shdr *dynsymhdr;
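Review bot: The bound in the added test "hdr->sh_link > elf_numsections (abfd)" looks off by one. If elf_elfsections (abfd) holds elf_numsections (abfd) entries, an sh_link equal to elf_numsections (abfd) passes this test, and the NULL comparison on the next line then reads one slot past the end of the array; ">=" would reject it. Minor style point: GNU formatting puts the "||" at the start of the continuation line rather than at the end of the first.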