From 1c52a64577904012c953b9e992f2c1b4407a36d1 Mon Sep 17 00:00:00 2001 From: "H.J. Lu" Date: Wed, 4 Jul 2012 00:29:52 +0000 Subject: [PATCH] Check number of sections overflow * elf.c (assign_section_numbers): Check if number of sections >= SHN_LORESERVE. * elfcode.h (elf_object_p): Likewise. --- bfd/ChangeLog | 6 ++++++ bfd/elf.c | 7 +++++++ bfd/elfcode.h | 5 +++-- 3 files changed, 16 insertions(+), 2 deletions(-) diff --git a/bfd/ChangeLog b/bfd/ChangeLog index f6d368e..d48c506 100644 --- a/bfd/ChangeLog +++ b/bfd/ChangeLog @@ -1,3 +1,9 @@ +2012-07-03 H.J. Lu + + * elf.c (assign_section_numbers): Check if number of sections + >= SHN_LORESERVE. + * elfcode.h (elf_object_p): Likewise. + 2012-07-03 Nick Clifton * archive.c (bsd_write_armap): Catch attempts to create an archive diff --git a/bfd/elf.c b/bfd/elf.c index 532c7f9..48e5d68 100644 --- a/bfd/elf.c +++ b/bfd/elf.c @@ -3014,6 +3014,13 @@ assign_section_numbers (bfd *abfd, struct bfd_link_info *link_info) _bfd_elf_strtab_addref (elf_shstrtab (abfd), t->strtab_hdr.sh_name); } + if (section_number >= SHN_LORESERVE) + { + _bfd_error_handler (_("%B: too many sections: %u"), + abfd, section_number); + return FALSE; + } + _bfd_elf_strtab_finalize (elf_shstrtab (abfd)); t->shstrtab_hdr.sh_size = _bfd_elf_strtab_size (elf_shstrtab (abfd)); diff --git a/bfd/elfcode.h b/bfd/elfcode.h index cc55c86..30bda73 100644 --- a/bfd/elfcode.h +++ b/bfd/elfcode.h @@ -633,8 +633,9 @@ elf_object_p (bfd *abfd) if (i_ehdrp->e_shnum == SHN_UNDEF) { i_ehdrp->e_shnum = i_shdr.sh_size; - if (i_ehdrp->e_shnum != i_shdr.sh_size - || i_ehdrp->e_shnum == 0) + if (i_ehdrp->e_shnum >= SHN_LORESERVE + || i_ehdrp->e_shnum != i_shdr.sh_size + || i_ehdrp->e_shnum == 0) goto got_wrong_format_error; } -- 2.7.4