This is the mail archive of the binutils-cvs@sourceware.org mailing list for the binutils project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[binutils-gdb] Remove an abort in the bfd library and add a check for an integer overflow when mapping sections to

From: Nick Clifton <nickc at sourceware dot org>
To: bfd-cvs at sourceware dot org
Date: 30 Nov 2018 11:44:02 -0000
Subject: [binutils-gdb] Remove an abort in the bfd library and add a check for an integer overflow when mapping sections to

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=beab453223769279cc1cef68a1622ab8978641f7

commit beab453223769279cc1cef68a1622ab8978641f7
Author: Nick Clifton <nickc@redhat.com>
Date:   Fri Nov 30 11:43:12 2018 +0000

    Remove an abort in the bfd library and add a check for an integer overflow when mapping sections to segments.
    
    	PR 23932
    	* elf.c (IS_CONTAINED_BY_LMA): Add a check for a negative section
    	size.
    	(rewrite_elf_program_header): If no sections are mapped into a
    	segment return an error.

Diff:
---
 bfd/ChangeLog |  8 ++++++++
 bfd/elf.c     | 11 ++++++++++-
 2 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 8f455ae..6ea4835 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,11 @@
+2018-11-30  Nick Clifton  <nickc@redhat.com>
+
+	PR 23932
+	* elf.c (IS_CONTAINED_BY_LMA): Add a check for a negative section
+	size.
+	(rewrite_elf_program_header): If no sections are mapped into a
+	segment return an error.
+
 2018-11-30  Alan Modra  <amodra@gmail.com>
 
 	PR 23937
diff --git a/bfd/elf.c b/bfd/elf.c
index 604971d..79a76be 100644
--- a/bfd/elf.c
+++ b/bfd/elf.c
@@ -6644,6 +6644,7 @@ rewrite_elf_program_header (bfd *ibfd, bfd *obfd)
      the given segment.  LMA addresses are compared.  */
 #define IS_CONTAINED_BY_LMA(section, segment, base)			\
   (section->lma >= base							\
+   && (section->lma + SECTION_SIZE (section, segment) >= section->lma)	\
    && (section->lma + SECTION_SIZE (section, segment)			\
        <= SEGMENT_END (segment, base)))
 
@@ -7167,7 +7168,15 @@ rewrite_elf_program_header (bfd *ibfd, bfd *obfd)
 		suggested_lma = output_section;
 	    }
 
-	  BFD_ASSERT (map->count > 0);
+	  /* PR 23932.  A corrupt input file may contain sections that cannot
+	     be assigned to any segment - because for example they have a
+	     negative size - or segments that do not contain any sections.  */
+	  if (map->count == 0)
+	    {
+	      bfd_set_error (bfd_error_bad_value);
+	      free (sections);
+	      return FALSE;
+	    }
 
 	  /* Add the current segment to the list of built segments.  */
 	  *pointer_to_map = map;

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]