From: Alan Modra Date: Fri, 21 Jun 2019 02:21:38 +0000 (+0930) Subject: PR24689, string table corruption X-Git-Url: https://git.libre-soc.org/?a=commitdiff_plain;h=890f750a3b053532a4b839a2dd6243076de12031;p=binutils-gdb.git PR24689, string table corruption The testcase in the PR had a e_shstrndx section of type SHT_GROUP. hdr->contents were initialized by setup_group rather than being read from the file, thus last byte was not zero and string dereference ran off the end of the buffer. PR 24689 * elfcode.h (elf_object_p): Check type of e_shstrndx section. --- diff --git a/bfd/ChangeLog b/bfd/ChangeLog index f40f6ed63dc..bc7671e9ea3 100644 --- a/bfd/ChangeLog +++ b/bfd/ChangeLog @@ -1,3 +1,8 @@ +2019-06-21 Alan Modra + + PR 24689 + * elfcode.h (elf_object_p): Check type of e_shstrndx section. + 2019-06-19 Alan Modra PR 24697 diff --git a/bfd/elfcode.h b/bfd/elfcode.h index a0487b0843c..5180f79a74d 100644 --- a/bfd/elfcode.h +++ b/bfd/elfcode.h @@ -754,7 +754,8 @@ elf_object_p (bfd *abfd) /* A further sanity check. */ if (i_ehdrp->e_shnum != 0) { - if (i_ehdrp->e_shstrndx >= elf_numsections (abfd)) + if (i_ehdrp->e_shstrndx >= elf_numsections (abfd) + || i_shdrp[i_ehdrp->e_shstrndx].sh_type != SHT_STRTAB) { /* PR 2257: We used to just goto got_wrong_format_error here