Prevent a buffer overrun error when attempting to parse a corrupt ELF file.

PR 24273
	* elf.c (bfd_elf_string_from_elf_section): Check for a string
	section that is not NUL terminated.
This commit is contained in:
Nick Clifton
2019-02-28 14:30:20 +00:00
parent 9c4c331816
commit eed5def8d0
2 changed files with 17 additions and 1 deletions

View File

@ -1,3 +1,9 @@
2019-02-28 Nick Clifton <nickc@redhat.com>
PR 24273
* elf.c (bfd_elf_string_from_elf_section): Check for a string
section that is not NUL terminated.
2019-02-27 H.J. Lu <hongjiu.lu@intel.com>
PR ld/24276

View File

@ -351,6 +351,16 @@ bfd_elf_string_from_elf_section (bfd *abfd,
if (bfd_elf_get_str_section (abfd, shindex) == NULL)
return NULL;
}
else
{
/* PR 24273: The string section's contents may have already
been loaded elsewhere, eg because a corrupt file has the
string section index in the ELF header pointing at a group
section. So be paranoid, and test that the last byte of
the section is zero. */
if (hdr->sh_size == 0 || hdr->contents[hdr->sh_size - 1] != 0)
return NULL;
}
if (strindex >= hdr->sh_size)
{