projects / binutils-gdb.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 2a81e61)
PR24689, string table corruption
authorAlan Modra <amodra@gmail.com>
Fri, 21 Jun 2019 02:21:38 +0000 (11:51 +0930)
committerAlan Modra <amodra@gmail.com>
Fri, 21 Jun 2019 02:34:41 +0000 (12:04 +0930)
The testcase in the PR had a e_shstrndx section of type SHT_GROUP.
hdr->contents were initialized by setup_group rather than being read
from the file, thus last byte was not zero and string dereference ran
off the end of the buffer.

PR 24689
* elfcode.h (elf_object_p): Check type of e_shstrndx section.

bfd/ChangeLog patch | blob | history
bfd/elfcode.h patch | blob | history

diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index f40f6ed63dc8fdcaec2d735344c45c194cb41e21..bc7671e9ea300ca74ab077f572c963f98fdad831 100644 (file)
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,8 @@
+2019-06-21  Alan Modra  <amodra@gmail.com>
+
+       PR 24689
+       * elfcode.h (elf_object_p): Check type of e_shstrndx section.
+
 2019-06-19  Alan Modra  <amodra@gmail.com>
 
        PR 24697
diff --git a/bfd/elfcode.h b/bfd/elfcode.h
index a0487b0843cdbdbe640de536e6caefc7a2e5cbae..5180f79a74dfea8aab803e6c9d70429c146bedab 100644 (file)
--- a/bfd/elfcode.h
+++ b/bfd/elfcode.h
@@ -754,7 +754,8 @@ elf_object_p (bfd *abfd)
   /* A further sanity check.  */
   if (i_ehdrp->e_shnum != 0)
     {
-      if (i_ehdrp->e_shstrndx >= elf_numsections (abfd))
+      if (i_ehdrp->e_shstrndx >= elf_numsections (abfd)
+         || i_shdrp[i_ehdrp->e_shstrndx].sh_type != SHT_STRTAB)
        {
          /* PR 2257:
             We used to just goto got_wrong_format_error here