This is the mail archive of the
binutils-cvs@sourceware.org
mailing list for the binutils project.
[binutils-gdb] Fix seg-fault in strip when copying a corrupt binary.
- From: Nick Clifton <nickc at sourceware dot org>
- To: bfd-cvs at sourceware dot org
- Date: 6 Dec 2016 16:54:29 -0000
- Subject: [binutils-gdb] Fix seg-fault in strip when copying a corrupt binary.
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=4f3ca05b487e9755018b4c9a053a2e6c35d8a7df
commit 4f3ca05b487e9755018b4c9a053a2e6c35d8a7df
Author: Nick Clifton <nickc@redhat.com>
Date: Tue Dec 6 16:53:57 2016 +0000
Fix seg-fault in strip when copying a corrupt binary.
PR binutils/20931
* elf.c (copy_special_section_fields): Check for an invalid
sh_link field before attempting to follow it.
Diff:
---
bfd/ChangeLog | 4 ++++
bfd/elf.c | 10 ++++++++++
2 files changed, 14 insertions(+)
diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index fb3f3f4..26fb42b 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,5 +1,9 @@
2016-12-06 Nick Clifton <nickc@redhat.com>
+ PR binutils/20931
+ * elf.c (copy_special_section_fields): Check for an invalid
+ sh_link field before attempting to follow it.
+
PR binutils/20929
* aoutx.h (squirt_out_relocs): Check for relocs without an
associated symbol.
diff --git a/bfd/elf.c b/bfd/elf.c
index 5cfee9c..678c043 100644
--- a/bfd/elf.c
+++ b/bfd/elf.c
@@ -1346,6 +1346,16 @@ copy_special_section_fields (const bfd *ibfd,
in the input bfd. */
if (iheader->sh_link != SHN_UNDEF)
{
+ /* See PR 20931 for a reproducer. */
+ if (iheader->sh_link >= elf_numsections (ibfd))
+ {
+ (* _bfd_error_handler)
+ /* xgettext:c-format */
+ (_("%B: Invalid sh_link field (%d) in section number %d"),
+ ibfd, iheader->sh_link, secnum);
+ return FALSE;
+ }
+
sh_link = find_link (obfd, iheaders[iheader->sh_link], iheader->sh_link);
if (sh_link != SHN_UNDEF)
{