Fix null pointer dereference when parsing a corrupt ELF binary.
PR 21957 * elf.c (setup_group): Check for an empty or very small group section. * po/bfd.pot: Regenerate.
This commit is contained in:
parent
d7f00f429a
commit
0c54f69295
|
@ -1,3 +1,10 @@
|
|||
2017-08-14 Nick Clifton <nickc@redhat.com>
|
||||
|
||||
PR 21957
|
||||
* elf.c (setup_group): Check for an empty or very small group
|
||||
section.
|
||||
* po/bfd.pot: Regenerate.
|
||||
|
||||
2017-08-14 Alan Modra <amodra@gmail.com>
|
||||
|
||||
PR 21441
|
||||
|
|
14
bfd/elf.c
14
bfd/elf.c
|
@ -742,12 +742,22 @@ setup_group (bfd *abfd, Elf_Internal_Shdr *hdr, asection *newsect)
|
|||
{
|
||||
Elf_Internal_Shdr *shdr = elf_tdata (abfd)->group_sect_ptr[i];
|
||||
Elf_Internal_Group *idx;
|
||||
unsigned int n_elt;
|
||||
bfd_size_type n_elt;
|
||||
|
||||
if (shdr == NULL)
|
||||
continue;
|
||||
|
||||
idx = (Elf_Internal_Group *) shdr->contents;
|
||||
if (idx == NULL || shdr->sh_size < 4)
|
||||
{
|
||||
/* See PR 21957 for a reproducer. */
|
||||
/* xgettext:c-format */
|
||||
_bfd_error_handler (_("%B: group section '%A' has no contents"),
|
||||
abfd, shdr->bfd_section);
|
||||
elf_tdata (abfd)->group_sect_ptr[i] = NULL;
|
||||
bfd_set_error (bfd_error_bad_value);
|
||||
return FALSE;
|
||||
}
|
||||
n_elt = shdr->sh_size / 4;
|
||||
|
||||
/* Look through this group's sections to see if current
|
||||
|
@ -801,7 +811,7 @@ setup_group (bfd *abfd, Elf_Internal_Shdr *hdr, asection *newsect)
|
|||
if (elf_group_name (newsect) == NULL)
|
||||
{
|
||||
/* xgettext:c-format */
|
||||
_bfd_error_handler (_("%B: no group info for section %A"),
|
||||
_bfd_error_handler (_("%B: no group info for section '%A'"),
|
||||
abfd, newsect);
|
||||
return FALSE;
|
||||
}
|
||||
|
|
2576
bfd/po/bfd.pot
2576
bfd/po/bfd.pot
File diff suppressed because it is too large
Load Diff
Loading…
Reference in New Issue