blob: 383aae70ff729e0d655bf8cb0b62cf6d4b9da3db (
plain) (
tree)
|
|
From beab453223769279cc1cef68a1622ab8978641f7 Mon Sep 17 00:00:00 2001
From: Nick Clifton <nickc@redhat.com>
Date: Fri, 30 Nov 2018 11:43:12 +0000
Subject: [PATCH] Remove an abort in the bfd library and add a check for an
integer overflow when mapping sections to segments.
PR 23932
* elf.c (IS_CONTAINED_BY_LMA): Add a check for a negative section
size.
(rewrite_elf_program_header): If no sections are mapped into a
segment return an error.
---
bfd/elf.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/bfd/elf.c b/bfd/elf.c
index 604971d..79a76be 100644
--- a/bfd/elf.c
+++ b/bfd/elf.c
@@ -6644,6 +6644,7 @@ rewrite_elf_program_header (bfd *ibfd, bfd *obfd)
the given segment. LMA addresses are compared. */
#define IS_CONTAINED_BY_LMA(section, segment, base) \
(section->lma >= base \
+ && (section->lma + SECTION_SIZE (section, segment) >= section->lma) \
&& (section->lma + SECTION_SIZE (section, segment) \
<= SEGMENT_END (segment, base)))
@@ -7167,7 +7168,15 @@ rewrite_elf_program_header (bfd *ibfd, bfd *obfd)
suggested_lma = output_section;
}
- BFD_ASSERT (map->count > 0);
+ /* PR 23932. A corrupt input file may contain sections that cannot
+ be assigned to any segment - because for example they have a
+ negative size - or segments that do not contain any sections. */
+ if (map->count == 0)
+ {
+ bfd_set_error (bfd_error_bad_value);
+ free (sections);
+ return FALSE;
+ }
/* Add the current segment to the list of built segments. */
*pointer_to_map = map;
--
2.9.3
|
