From 27e3da31c31572fde3d6e244a68ea45fb874b038 Mon Sep 17 00:00:00 2001 From: Alan Modra Date: Fri, 17 Dec 2021 15:41:59 +1030 Subject: [PATCH] asan: NULL dereference in bfd_elf_set_group_contents * elf-bfd.h (struct output_elf_obj_tdata): Make num_section_syms unsigned. * elf.c (bfd_elf_set_group_contents): Bounds check sec->index and check that entry in elf_section_syms for sec is non-NULL. (_bfd_elf_symbol_from_bfd_symbol): Adjust. --- bfd/elf-bfd.h | 2 +- bfd/elf.c | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/bfd/elf-bfd.h b/bfd/elf-bfd.h index 91bb1b2b8bd..68e830c6f05 100644 --- a/bfd/elf-bfd.h +++ b/bfd/elf-bfd.h @@ -1914,7 +1914,7 @@ struct output_elf_obj_tdata /* Linker information. */ struct bfd_link_info *link_info; - int num_section_syms; + unsigned int num_section_syms; unsigned int shstrtab_section, strtab_section; /* Segment flags for the PT_GNU_STACK segment. */ diff --git a/bfd/elf.c b/bfd/elf.c index e6c6a8a6c05..92c06f2e44f 100644 --- a/bfd/elf.c +++ b/bfd/elf.c @@ -3501,7 +3501,8 @@ bfd_elf_set_group_contents (bfd *abfd, asection *sec, void *failedptrarg) /* If called from the assembler, swap_out_syms will have set up elf_section_syms. PR 25699: A corrupt input file could contain bogus group info. */ - if (elf_section_syms (abfd) == NULL) + if (sec->index >= elf_num_section_syms (abfd) + || elf_section_syms (abfd)[sec->index] == NULL) { *failedptr = true; return; @@ -6764,15 +6765,14 @@ _bfd_elf_symbol_from_bfd_symbol (bfd *abfd, asymbol **asym_ptr_ptr) && asym_ptr->section) { asection *sec; - int indx; sec = asym_ptr->section; if (sec->owner != abfd && sec->output_section != NULL) sec = sec->output_section; if (sec->owner == abfd - && (indx = sec->index) < elf_num_section_syms (abfd) - && elf_section_syms (abfd)[indx] != NULL) - asym_ptr->udata.i = elf_section_syms (abfd)[indx]->udata.i; + && sec->index < elf_num_section_syms (abfd) + && elf_section_syms (abfd)[sec->index] != NULL) + asym_ptr->udata.i = elf_section_syms (abfd)[sec->index]->udata.i; } idx = asym_ptr->udata.i; -- 2.30.2