This is the mail archive of the
binutils@sourceware.org
mailing list for the binutils project.
Bug 23142, SIGSEGV in is_strip_section
- From: Alan Modra <amodra at gmail dot com>
- To: binutils at sourceware dot org
- Date: Mon, 7 May 2018 22:57:21 +0930
- Subject: Bug 23142, SIGSEGV in is_strip_section
BFD supports only one SHT_SYMTAB section, and objcopy assumed that was
the case. Fuzzers of course come up with all sorts of crazy
situations, so we need to test that the symbols read by objcopy do in
fact come from the same symbol table referenced in a group signature.
PR 23142
* objcopy.c (group_signature): Don't accept groups that use a
symbol table other than the one we've read.
diff --git a/binutils/objcopy.c b/binutils/objcopy.c
index 61c513b482..fadc957243 100644
--- a/binutils/objcopy.c
+++ b/binutils/objcopy.c
@@ -1211,14 +1211,13 @@ group_signature (asection *group)
return NULL;
ghdr = &elf_section_data (group)->this_hdr;
- if (ghdr->sh_link < elf_numsections (abfd))
+ if (ghdr->sh_link == elf_onesymtab (abfd))
{
const struct elf_backend_data *bed = get_elf_backend_data (abfd);
- Elf_Internal_Shdr *symhdr = elf_elfsections (abfd) [ghdr->sh_link];
+ Elf_Internal_Shdr *symhdr = &elf_symtab_hdr (abfd);
- if (symhdr->sh_type == SHT_SYMTAB
- && ghdr->sh_info > 0
- && ghdr->sh_info < (symhdr->sh_size / bed->s->sizeof_sym))
+ if (ghdr->sh_info > 0
+ && ghdr->sh_info < symhdr->sh_size / bed->s->sizeof_sym)
return isympp[ghdr->sh_info - 1];
}
return NULL;
--
Alan Modra
Australia Development Lab, IBM