PR28763, SIGSEGV during processing of program headers via readelf

	PR 28763
	* readelf.c (process_file_header): Discard any cached program
	headers if there is an extension field for e_phnum in first
	section header.

diff --git a/binutils/readelf.c b/binutils/readelf.c
index e56e9b5639397dd0839339b4606270e74995dfb4..b208db593342f1afefd942e3bab4f72efff8e259 100644 (file)
--- a/binutils/readelf.c
+++ b/binutils/readelf.c
@@ -5631,10 +5631,7 @@ process_file_header (Filedata * filedata)
       if (filedata->section_headers != NULL
          && header->e_phnum == PN_XNUM
          && filedata->section_headers[0].sh_info != 0)
-       {
-         header->e_phnum = filedata->section_headers[0].sh_info;
-         printf (" (%u)", header->e_phnum);
-       }
+       printf (" (%u)", filedata->section_headers[0].sh_info);
       putc ('\n', stdout);
       printf (_("  Size of section headers:           %u (bytes)\n"),
              header->e_shentsize);
@@ -5667,7 +5664,12 @@ process_file_header (Filedata * filedata)
     {
       if (header->e_phnum == PN_XNUM
          && filedata->section_headers[0].sh_info != 0)
-       header->e_phnum = filedata->section_headers[0].sh_info;
+       {
+         /* Throw away any cached read of PN_XNUM headers.  */
+         free (filedata->program_headers);
+         filedata->program_headers = NULL;
+         header->e_phnum = filedata->section_headers[0].sh_info;
+       }
       if (header->e_shnum == SHN_UNDEF)
        header->e_shnum = filedata->section_headers[0].sh_size;
       if (header->e_shstrndx == (SHN_XINDEX & 0xffff))