From 933d961a3c097d7cb4864314df714abacc9b234e Mon Sep 17 00:00:00 2001 From: Jakub Jelinek Date: Tue, 14 Jun 2005 11:04:22 +0000 Subject: [PATCH] * elf.c (bfd_section_from_shdr): Fail if name is NULL. Prevent endless recursion on broken objects. * archive.c (do_slurp_coff_armap): Check for overflows. --- bfd/ChangeLog | 7 +++++++ bfd/archive.c | 6 ++++++ bfd/elf.c | 9 +++++++++ 3 files changed, 22 insertions(+) diff --git a/bfd/ChangeLog b/bfd/ChangeLog index 9124020..3de7087 100644 --- a/bfd/ChangeLog +++ b/bfd/ChangeLog @@ -1,3 +1,10 @@ +2005-06-14 Jakub Jelinek + + * elf.c (bfd_section_from_shdr): Fail if name is NULL. + Prevent endless recursion on broken objects. + + * archive.c (do_slurp_coff_armap): Check for overflows. + 2005-06-10 Daniel Jacobowitz * elfcode.h (elf_write_relocs): Do nothing if there are no diff --git a/bfd/archive.c b/bfd/archive.c index 7dfe6b6..ce6a332 100644 --- a/bfd/archive.c +++ b/bfd/archive.c @@ -821,9 +821,15 @@ do_slurp_coff_armap (bfd *abfd) /* The coff armap must be read sequentially. So we construct a bsd-style one in core all at once, for simplicity. */ + if (nsymz > ~ (bfd_size_type) 0 / sizeof (carsym)) + return FALSE; + carsym_size = (nsymz * sizeof (carsym)); ptrsize = (4 * nsymz); + if (carsym_size + stringsize + 1 <= carsym_size) + return FALSE; + ardata->symdefs = bfd_zalloc (abfd, carsym_size + stringsize + 1); if (ardata->symdefs == NULL) return FALSE; diff --git a/bfd/elf.c b/bfd/elf.c index 189e099..5d4e1a3 100644 --- a/bfd/elf.c +++ b/bfd/elf.c @@ -1752,6 +1752,8 @@ bfd_section_from_shdr (bfd *abfd, unsigned int shindex) name = bfd_elf_string_from_elf_section (abfd, elf_elfheader (abfd)->e_shstrndx, hdr->sh_name); + if (name == NULL) + return FALSE; switch (hdr->sh_type) { 
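Review bot: Both new overflow guards in do_slurp_coff_armap bail out with a bare `return FALSE;` and record no BFD error, so a caller that reports the failure sees whatever error was set last rather than a malformed-archive diagnosis. Setting one before each return, for example `bfd_set_error (bfd_error_malformed_archive);`, would keep the rejection of an oversized `nsymz` distinguishable from an allocation failure in the `bfd_zalloc` call just below. `stringsize` is computed above the hunk, so whether that computation is itself guarded against wrap-around cannot be judged from here; the second guard only covers the sum.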
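Review bot: The new `name == NULL` return sits ahead of `switch (hdr->sh_type)` and therefore applies to every section type, yet unlike the other two checks this commit adds to bfd_section_from_shdr it carries no comment saying why. A short comment such as `/* A section whose name cannot be read from the section name string table marks a broken object. */` would make the intent explicit, including for any case in the switch that may not need `name`. The function body starts and ends outside the hunk.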
@@ -1922,6 +1924,9 @@ bfd_section_from_shdr (bfd *abfd, unsigned int shindex) Elf_Internal_Shdr *hdr2 = elf_elfsections (abfd)[i]; if (hdr2->sh_link == shindex) { + /* Prevent endless recursion on broken objects. */ + if (i == shindex) + return FALSE; if (! bfd_section_from_shdr (abfd, i)) return FALSE; if (elf_onesymtab (abfd) == i) @@ -1999,6 +2004,10 @@ bfd_section_from_shdr (bfd *abfd, unsigned int shindex) return _bfd_elf_make_section_from_shdr (abfd, hdr, name, shindex); + /* Prevent endless recursion on broken objects. */ + if (elf_elfsections (abfd)[hdr->sh_info]->sh_type == SHT_REL + || elf_elfsections (abfd)[hdr->sh_info]->sh_type == SHT_RELA) + return FALSE; if (! bfd_section_from_shdr (abfd, hdr->sh_info)) return FALSE; target_sect = bfd_section_from_elf_index (abfd, hdr->sh_info); -- 2.7.4
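Review bot: The `i == shindex` test stops only a section whose `sh_link` names itself; a cycle through two or more headers (A linked to B and B linked back to A) would, as far as the hunk shows, still re-enter `bfd_section_from_shdr` without bound on a malformed object. A guard that tracks which section indices are currently being processed for this bfd, checked on entry and cleared on exit, would cover the self-reference and the longer cycles alike. The enclosing loop and the start of the function lie outside the hunk, so confirm that nothing earlier already restricts the type of `hdr2`.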
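Review bot: The added check indexes `elf_elfsections (abfd)[hdr->sh_info]` with a value taken from the file, and no bound on `sh_info` is visible in the hunk, so an out-of-range index would read past the section header array before the recursion test even runs. A range check ahead of it, `if (hdr->sh_info >= elf_numsections (abfd)) return FALSE;`, would close that, and holding the looked-up header in a local would remove the double lookup. The conditions that lead into this code sit above the hunk, so confirm that none of them already bounds `sh_info`.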