Bug 4496 - bfd_elf_string_from_elf_section() doesn't check shindex value
Status: RESOLVED FIXED
Alias: None
Product: binutils
Classification: Unclassified
Component: binutils
Version: 2.18
Importance: P2 normal
Target Milestone: ---
Assignee: unassigned
Reported: 2007-05-11 15:40 UTC by Victor Stinner
Modified: 2007-05-14 04:19 UTC

Host: linux,i386
Target: linux,i386
Build: linux,i386


Attachments
Fuzzed ELF (contains many bugs) (14.89 KB, application/octet-stream)
2007-05-11 15:40 UTC, Victor Stinner

Description Victor Stinner 2007-05-11 15:40:06 UTC
bfd_elf_string_from_elf_section() function of bfd/elf.c doesn't check if
shindex is valid or not. I generated a file with my fuzzer which crashes nm:

=> Segfault at bfd/elf.c, line 278
   abdf->section=
   abdf->section_count=0
   abdf->shindex=65288 (!)

Proposed fix: replace
  if (strindex == 0)
    return "";
with
  if (strindex == 0 || abfd->section_count < shindex)
    return "";
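Added example, not part of the original report and not binutils code: a self-contained sketch of the class of check discussed above, validating both the section index and the string offset before dereferencing. The struct and function names are hypothetical simplifications, the sample data is constructed, and the index check uses >= because an index equal to the section count is also out of range.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
/* Hypothetical, simplified stand-ins for a section header table;
   these are not the binutils/BFD structures. */
struct sec_hdr {
    const char *contents;  /* loaded section bytes, or NULL */
    size_t size;           /* number of bytes in contents */
};
struct elf_file {
    struct sec_hdr *sections;
    unsigned int num_sections;
};

/* Return the string at offset strindex inside section shindex, or NULL
   when a value taken from the (untrusted) file is out of range. */
const char *string_from_section(const struct elf_file *f,
                                unsigned int shindex, unsigned int strindex)
{
    if (f == NULL || f->sections == NULL)
        return NULL;
    /* Valid indices are 0 .. num_sections-1: reject shindex == count too. */
    if (shindex >= f->num_sections)
        return NULL;
    const struct sec_hdr *h = &f->sections[shindex];
    if (h->contents == NULL || strindex >= h->size)
        return NULL;
    /* The string must be NUL-terminated within the section's bytes. */
    if (memchr(h->contents + strindex, '\0', h->size - strindex) == NULL)
        return NULL;
    return h->contents + strindex;
}

/* Constructed sample data: section 0 is a well-formed string table,
   section 1 holds three bytes with no terminating NUL. */
static const char sample_strtab[] = "\0.text\0.data";
static struct sec_hdr sample_sections[] = {
    { sample_strtab, sizeof sample_strtab },
    { "abc", 3 },
};
static struct elf_file sample_file = { sample_sections, 2 };

int main(void)
{
    const char *s = string_from_section(&sample_file, 0, 1);
    printf("valid lookup: %s\n", s ? s : "(rejected)");
    s = string_from_section(&sample_file, 65288, 1);  /* shindex from the report */
    printf("shindex 65288: %s\n", s ? s : "(rejected)");
    return 0;
}
```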
Comment 1 Victor Stinner 2007-05-11 15:40:35 UTC
Created attachment 1832
Fuzzed ELF (contains many bugs)