* elf.c (bfd_elf_get_str_section): Fix memory leak caused by

	corrupt string table.

diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 75bc0b6..5539be2 100644 (file)
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,8 @@
+2008-05-01  Cary Coutant  <ccoutant@google.com>
+
+       * elf.c (bfd_elf_get_str_section): Fix memory leak caused by
+       corrupt string table.
+
 2008-05-01  Joel Brobecker  <brobecker@adacore.com>
 
        * cache.c (cache_bread_1): Renames cache_bread.

diff --git a/bfd/elf.c b/bfd/elf.c
index 2f1ec37..1a32d42 100644 (file)
--- a/bfd/elf.c
+++ b/bfd/elf.c
@@ -281,7 +281,7 @@ bfd_elf_get_str_section (bfd *abfd, unsigned int shindex)
 
       /* Allocate and clear an extra byte at the end, to prevent crashes
         in case the string table is not terminated.  */
-      if (shstrtabsize + 1 == 0
+      if (shstrtabsize + 1 <= 1
          || (shstrtab = bfd_alloc (abfd, shstrtabsize + 1)) == NULL
          || bfd_seek (abfd, offset, SEEK_SET) != 0)
        shstrtab = NULL;
@@ -290,6 +290,10 @@ bfd_elf_get_str_section (bfd *abfd, unsigned int shindex)
          if (bfd_get_error () != bfd_error_system_call)
            bfd_set_error (bfd_error_file_truncated);
          shstrtab = NULL;
+         /* Once we've failed to read it, make sure we don't keep
+            trying.  Otherwise, we'll keep allocating space for
+            the string table over and over.  */
+         i_shdrp[shindex]->sh_size = 0;
        }
       else
        shstrtab[shstrtabsize] = '\0';