Fix an illegal memory access when trying to copy an ELF binary with corrupt section...
authorNick Clifton <nickc@redhat.com>
Tue, 24 Apr 2018 15:57:04 +0000 (16:57 +0100)
committerNick Clifton <nickc@redhat.com>
Tue, 24 Apr 2018 15:57:04 +0000 (16:57 +0100)
PR 23113
* elf.c (ignore_section_sym): Check for the output_section pointer
being NULL before dereferencing it.

bfd/ChangeLog
bfd/elf.c

index 32cd8933c2c61f9bd4f2de8c77ce80914bfbd6fc..edd822fefa4ed0502d418b39d4f90d504b3d45cb 100644 (file)
@@ -1,5 +1,9 @@
 2018-04-24  Nick Clifton  <nickc@redhat.com>
 
+       PR 23113
+       * elf.c (ignore_section_sym): Check for the output_section pointer
+       being NULL before dereferencing it.
+
        PR 23110
        * peXXigen.c (_bfd_XX_bfd_copy_private_bfd_data_common): Check for
        a negative PE_DEBUG_DATA size before iterating over the debug data.
index 8ea5a81cbe36020d4bc2fc8b880ca83282c5349f..092b275ae20e3e643207078c352461af0015946b 100644 (file)
--- a/bfd/elf.c
+++ b/bfd/elf.c
@@ -4022,15 +4022,22 @@ ignore_section_sym (bfd *abfd, asymbol *sym)
 {
   elf_symbol_type *type_ptr;
 
+  if (sym == NULL)
+    return FALSE;
+
   if ((sym->flags & BSF_SECTION_SYM) == 0)
     return FALSE;
 
+  if (sym->section == NULL)
+    return TRUE;
+
   type_ptr = elf_symbol_from (abfd, sym);
   return ((type_ptr != NULL
           && type_ptr->internal_elf_sym.st_shndx != 0
           && bfd_is_abs_section (sym->section))
          || !(sym->section->owner == abfd
-              || (sym->section->output_section->owner == abfd
+              || (sym->section->output_section != NULL
+                  && sym->section->output_section->owner == abfd
                   && sym->section->output_offset == 0)
               || bfd_is_abs_section (sym->section)));
 }
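Review bot: The two new early returns in ignore_section_sym give opposite answers with no comment explaining why: a NULL `sym` returns FALSE (do not ignore) while a NULL `sym->section` returns TRUE (ignore). If callers go on to use a symbol that was not ignored, the FALSE path may only move the NULL dereference into the caller; that needs checking against the call sites, which are outside this hunk. I would add a comment on each guard, for example `/* A section symbol with no section can only come from corrupt input; ignore it. */` above the `sym->section == NULL` test, and a similar one on the `output_section != NULL` test saying the pointer may be unset when copying a corrupt ELF file, as the commit title describes. The ChangeLog entry names only the output_section check, so the other two guards are not recorded there either.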