PR23806, NULL pointer dereference in merge_strings

PR 23806 * merge.c (_bfd_add_merge_section): Don't attempt to merge sections with ridiculously large alignments.
2018-10-23 19:02:06 +10:30 · 2018-10-23 19:02:06 +10:30 · 45a0eaf770
commit 45a0eaf770
parent 102def4da8
2 changed files with 17 additions and 4 deletions
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@ -1,3 +1,9 @@
+2018-10-23  Alan Modra  <amodra@gmail.com>
+
+	PR 23806
+	* merge.c (_bfd_add_merge_section): Don't attempt to merge
+	sections with ridiculously large alignments.
+
 2018-10-23  Alan Modra  <amodra@gmail.com>

 	PR 23805
--- a/bfd/merge.c
+++ b/bfd/merge.c
@ -24,6 +24,7 @@
   as used in ELF SHF_MERGE.  */

 #include "sysdep.h"
+#include <limits.h>
 #include "bfd.h"
 #include "elf-bfd.h"
 #include "libbfd.h"
@ -385,12 +386,18 @@ _bfd_add_merge_section (bfd *abfd, void **psinfo, asection *sec,
      return TRUE;
    }

-  align = sec->alignment_power;
-  if ((sec->entsize < (unsigned) 1 << align
+#ifndef CHAR_BIT
+#define CHAR_BIT 8
+#endif
+  if (sec->alignment_power >= sizeof (align) * CHAR_BIT)
+    return TRUE;
+
+  align = 1u << sec->alignment_power;
+  if ((sec->entsize < align
       && ((sec->entsize & (sec->entsize - 1))
 	   || !(sec->flags & SEC_STRINGS)))
-      || (sec->entsize > (unsigned) 1 << align
-	  && (sec->entsize & (((unsigned) 1 << align) - 1))))
+      || (sec->entsize > align
+	  && (sec->entsize & (align - 1))))
    {
      /* Sanity check.  If string character size is smaller than
 	 alignment, then we require character size to be a power