A corrupt ELF file could contain a .strtab section that wasn't
properly zero terminated. If so we could add a non-terminated string
to the dwelf_strtab functions, which could then crash because they
would read past the .strtab section data.
https://sourceware.org/bugzilla/show_bug.cgi?id=25069
Signed-off-by: Mark Wielaard <mark@klomp.org>
+2019-10-26 Mark Wielaard <mark@klomp.org>
+
+ * unstrip.c (collect_symbols): Check symbol strings are
+ terminated.
+
2019-10-18 Mark Wielaard <mark@klomp.org>
* unstrip.c (adjust_relocs): Set versym data d_size to the actual
if (sym->st_shndx != SHN_XINDEX)
shndx = sym->st_shndx;
- if (sym->st_name >= strdata->d_size)
+ if (sym->st_name >= strdata->d_size
+ || memrchr (strdata->d_buf + sym->st_name, '\0',
+ strdata->d_size - sym->st_name) == NULL)
error (EXIT_FAILURE, 0,
_("invalid string offset in symbol [%zu]"), i);
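Review bot: the new condition reuses the existing message _("invalid string offset in symbol [%zu]") for two distinct failures, an out-of-range st_name and an in-range st_name whose string runs off the end of the .strtab section without a NUL, so someone diagnosing a rejected file cannot tell which check fired; consider a separate message for the memrchr branch, e.g. _("unterminated string for symbol [%zu]"). The bounds logic itself is sound: the first clause guarantees strdata->d_size - sym->st_name is at least 1 before memrchr runs, and scanning backwards from the end of the section is a good choice because a well-formed string table ends in NUL, so the common case returns after inspecting one byte. Note that memrchr (and arithmetic on the void * strdata->d_buf) are GNU extensions rather than POSIX, which is consistent with the rest of unstrip.c but worth keeping in mind if portability to other libcs ever matters.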