Fix seg-fault in strip when copying a corrupt binary.

author Nick Clifton <nickc@redhat.com>

Tue, 6 Dec 2016 16:53:57 +0000 (16:53 +0000)

committer Nick Clifton <nickc@redhat.com>

Tue, 6 Dec 2016 16:53:57 +0000 (16:53 +0000)
author Nick Clifton <nickc@redhat.com>
Tue, 6 Dec 2016 16:53:57 +0000 (16:53 +0000)
committer Nick Clifton <nickc@redhat.com>
Tue, 6 Dec 2016 16:53:57 +0000 (16:53 +0000)
diff --git a/bfd/ChangeLog b/bfd/ChangeLog

index fb3f3f4..26fb42b 100644 (file)
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,5 +1,9 @@
  2016-12-06  Nick Clifton  <nickc@redhat.com>
  
+       PR binutils/20931
+       * elf.c (copy_special_section_fields): Check for an invalid
+       sh_link field before attempting to follow it.
+
         PR binutils/20929
         * aoutx.h (squirt_out_relocs): Check for relocs without an
         associated symbol.
diff --git a/bfd/elf.c b/bfd/elf.c

index 5cfee9c..678c043 100644 (file)
--- a/bfd/elf.c
+++ b/bfd/elf.c
@@ -1346,6 +1346,16 @@ copy_special_section_fields (const bfd *ibfd,
       in the input bfd.  */
    if (iheader->sh_link != SHN_UNDEF)
      {
+      /* See PR 20931 for a reproducer.  */
+      if (iheader->sh_link >= elf_numsections (ibfd))
+       {
+         (* _bfd_error_handler)
+           /* xgettext:c-format */
+           (_("%B: Invalid sh_link field (%d) in section number %d"),
+            ibfd, iheader->sh_link, secnum);
+         return FALSE;
+       }
+
        sh_link = find_link (obfd, iheaders[iheader->sh_link], iheader->sh_link);
        if (sh_link != SHN_UNDEF)
         {
author	Nick Clifton <nickc@redhat.com>
	Tue, 6 Dec 2016 16:53:57 +0000 (16:53 +0000)
committer	Nick Clifton <nickc@redhat.com>
	Tue, 6 Dec 2016 16:53:57 +0000 (16:53 +0000)
bfd/ChangeLog		patch \| blob \| history
bfd/elf.c		patch \| blob \| history