From c24cf8b6e831967c353f0c518e180cea689c0b58 Mon Sep 17 00:00:00 2001 From: Nick Clifton Date: Wed, 19 Mar 2014 16:48:02 +0000 Subject: [PATCH] This is a fix for PR binutils/16723, where a corrupt .gnu.version_r section could send readelf into an infinite loop. * readelf.c (process_version_sections): Prevent an infinite loop when the vn_next field is zero but there are still entries to be processed. --- binutils/ChangeLog | 7 +++++++ binutils/readelf.c | 6 ++++++ 2 files changed, 13 insertions(+) diff --git a/binutils/ChangeLog b/binutils/ChangeLog index 2a65f47..03a1e18 100644 --- a/binutils/ChangeLog +++ b/binutils/ChangeLog @@ -1,3 +1,10 @@ +2014-03-19 Nick Clifton + + PR binutils/16723 + * readelf.c (process_version_sections): Prevent an infinite loop + when the vn_next field is zero but there are still entries to be + processed. + 2014-03-17 Tristan Gingold * od-macho.c (dump_section_header): Renames of dump_section. diff --git a/binutils/readelf.c b/binutils/readelf.c index 27682b2..79137e3 100644 --- a/binutils/readelf.c +++ b/binutils/readelf.c @@ -8971,6 +8971,12 @@ process_version_sections (FILE * file) if (j < ent.vn_cnt) warn (_("Missing Version Needs auxillary information\n")); + if (ent.vn_next == 0 && cnt < section->sh_info) + { + warn (_("Corrupt Version Needs structure - offset to next structure is zero with entries still left to be processed\n")); + cnt = section->sh_info; + break; + } idx += ent.vn_next; } -- 2.7.4