projects / binutils-gdb.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 7ebf6ed)
asan: NULL dereference in bfd_elf_set_group_contents
authorAlan Modra <amodra@gmail.com>
Fri, 17 Dec 2021 05:11:59 +0000 (15:41 +1030)
committerAlan Modra <amodra@gmail.com>
Fri, 17 Dec 2021 06:24:56 +0000 (16:54 +1030)
* elf-bfd.h (struct output_elf_obj_tdata): Make num_section_syms
unsigned.
* elf.c (bfd_elf_set_group_contents): Bounds check sec->index
and check that entry in elf_section_syms for sec is non-NULL.
(_bfd_elf_symbol_from_bfd_symbol): Adjust.

bfd/elf-bfd.h patch | blob | history
bfd/elf.c patch | blob | history

diff --git a/bfd/elf-bfd.h b/bfd/elf-bfd.h
index 91bb1b2b8bdd48e05cca93f20f1f309cadef2808..68e830c6f0532d0ef9f64b18e5aa02dad4b674aa 100644 (file)
--- a/bfd/elf-bfd.h
+++ b/bfd/elf-bfd.h
@@ -1914,7 +1914,7 @@ struct output_elf_obj_tdata
   /* Linker information.  */
   struct bfd_link_info *link_info;
 
-  int num_section_syms;
+  unsigned int num_section_syms;
   unsigned int shstrtab_section, strtab_section;
 
   /* Segment flags for the PT_GNU_STACK segment.  */
diff --git a/bfd/elf.c b/bfd/elf.c
index e6c6a8a6c052f9b31493d86f42750135e779522b..92c06f2e44f8aab4616f2595952ce90b34a55459 100644 (file)
--- a/bfd/elf.c
+++ b/bfd/elf.c
@@ -3501,7 +3501,8 @@ bfd_elf_set_group_contents (bfd *abfd, asection *sec, void *failedptrarg)
          /* If called from the assembler, swap_out_syms will have set up
             elf_section_syms.
             PR 25699: A corrupt input file could contain bogus group info.  */
-         if (elf_section_syms (abfd) == NULL)
+         if (sec->index >= elf_num_section_syms (abfd)
+             || elf_section_syms (abfd)[sec->index] == NULL)
            {
              *failedptr = true;
              return;
@@ -6764,15 +6765,14 @@ _bfd_elf_symbol_from_bfd_symbol (bfd *abfd, asymbol **asym_ptr_ptr)
       && asym_ptr->section)
     {
       asection *sec;
-      int indx;
 
       sec = asym_ptr->section;
       if (sec->owner != abfd && sec->output_section != NULL)
        sec = sec->output_section;
       if (sec->owner == abfd
-         && (indx = sec->index) < elf_num_section_syms (abfd)
-         && elf_section_syms (abfd)[indx] != NULL)
-       asym_ptr->udata.i = elf_section_syms (abfd)[indx]->udata.i;
+         && sec->index < elf_num_section_syms (abfd)
+         && elf_section_syms (abfd)[sec->index] != NULL)
+       asym_ptr->udata.i = elf_section_syms (abfd)[sec->index]->udata.i;
     }
 
   idx = asym_ptr->udata.i;