FreeChainXenon/binutils-gdb
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

PR24689, string table corruption

Browse source 
The testcase in the PR had a e_shstrndx section of type SHT_GROUP.
hdr->contents were initialized by setup_group rather than being read
from the file, thus last byte was not zero and string dereference ran
off the end of the buffer.

	PR 24689
	* elfcode.h (elf_object_p): Check type of e_shstrndx section.
This commit is contained in:
Alan Modra 2019-06-21 11:51:38 +09:30
parent 2a81e61405
commit 890f750a3b
2 changed files with 7 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

5
bfd/ChangeLog
View file

@ -1,3 +1,8 @@
2019-06-21 Alan Modra <amodra@gmail.com>
PR 24689
* elfcode.h (elf_object_p): Check type of e_shstrndx section.
2019-06-19 Alan Modra <amodra@gmail.com>
PR 24697

3
bfd/elfcode.h
View file

@ -754,7 +754,8 @@ elf_object_p (bfd *abfd)
/* A further sanity check. */
if (i_ehdrp->e_shnum != 0)
{
if (i_ehdrp->e_shstrndx >= elf_numsections (abfd))
if (i_ehdrp->e_shstrndx >= elf_numsections (abfd)
|| i_shdrp[i_ehdrp->e_shstrndx].sh_type != SHT_STRTAB)
{
/* PR 2257:
We used to just goto got_wrong_format_error here