blob: 82b41c014f330e271193ecc263f4fbb8f3fe19ae (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
|
From 890f750a3b053532a4b839a2dd6243076de12031 Mon Sep 17 00:00:00 2001
From: Alan Modra <amodra@gmail.com>
Date: Fri, 21 Jun 2019 11:51:38 +0930
Subject: [PATCH] PR24689, string table corruption
The testcase in the PR had a e_shstrndx section of type SHT_GROUP.
hdr->contents were initialized by setup_group rather than being read
from the file, thus last byte was not zero and string dereference ran
off the end of the buffer.
PR 24689
* elfcode.h (elf_object_p): Check type of e_shstrndx section.
---
bfd/elfcode.h | 3 ++-
2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/bfd/elfcode.h b/bfd/elfcode.h
index a0487b0..5180f79 100644
--- a/bfd/elfcode.h
+++ b/bfd/elfcode.h
@@ -754,7 +754,8 @@ elf_object_p (bfd *abfd)
/* A further sanity check. */
if (i_ehdrp->e_shnum != 0)
{
- if (i_ehdrp->e_shstrndx >= elf_numsections (abfd))
+ if (i_ehdrp->e_shstrndx >= elf_numsections (abfd)
+ || i_shdrp[i_ehdrp->e_shstrndx].sh_type != SHT_STRTAB)
{
/* PR 2257:
We used to just goto got_wrong_format_error here
--
2.9.3
|
