Fix a division by zero error when processing secondary relocs in a fuzzed input file.

author Nick Clifton <nickc@redhat.com>

Thu, 3 Sep 2020 15:11:43 +0000 (16:11 +0100)

committer Nick Clifton <nickc@redhat.com>

Thu, 3 Sep 2020 15:11:43 +0000 (16:11 +0100)
author Nick Clifton <nickc@redhat.com>
Thu, 3 Sep 2020 15:11:43 +0000 (16:11 +0100)
committer Nick Clifton <nickc@redhat.com>
Thu, 3 Sep 2020 15:11:43 +0000 (16:11 +0100)
diff --git a/bfd/ChangeLog b/bfd/ChangeLog

index 2dc5b542fb121c035078afff76935f4ee71a0900..1b58f9517ce5d856cc8455bc6db746530ba6d93a 100644 (file)
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,9 @@
+2020-09-03  Nick Clifton  <nickc@redhat.com>
+
+       PR 26521
+       * elf.c (_bfd_elf_write_secondary_reloc_section): Check for
+       secondary reloc sections with a zero sh_entsize field.
+
  2020-09-03  Nelson Chu  <nelson.chu@sifive.com>
  
         * elfnn-riscv.c (riscv_i_or_e_p): Minor cleanup for warnings/errors.
diff --git a/bfd/elf.c b/bfd/elf.c

index f32118ad404a7e455d975df3c180a0bfec6959f3..ac2095f787d821259cbf6654e268ab3d0ba06b07 100644 (file)
--- a/bfd/elf.c
+++ b/bfd/elf.c
@@ -12847,6 +12847,17 @@ _bfd_elf_write_secondary_reloc_section (bfd *abfd, asection *sec)
               continue;
             }
  
+         if (hdr->sh_entsize == 0)
+           {
+             _bfd_error_handler
+               /* xgettext:c-format */
+               (_("%pB(%pA): error: secondary reloc section has zero sized entries"),
+                abfd, relsec);
+             bfd_set_error (bfd_error_bad_value);
+             result = FALSE;
+             continue;
+           }
+
           reloc_count = hdr->sh_size / hdr->sh_entsize;
           if (reloc_count <= 0)
             {
author	Nick Clifton <nickc@redhat.com>
	Thu, 3 Sep 2020 15:11:43 +0000 (16:11 +0100)
committer	Nick Clifton <nickc@redhat.com>
	Thu, 3 Sep 2020 15:11:43 +0000 (16:11 +0100)
bfd/ChangeLog		patch \| blob \| history
bfd/elf.c		patch \| blob \| history