From ce49701009db42a9a53e5dcf172a6a211b1025b3 Mon Sep 17 00:00:00 2001
From: Nick Clifton <nickc@redhat.com>
Date: Wed, 21 Jun 2017 10:36:58 +0100
Subject: [PATCH] Fix seg-fault reading a corrupt ELF binary.

	PR binutils/21640
	* elf.c (setup_group): Zero the group section pointer list after
	allocation so that loops can be caught.  Check for NULL pointers
	when processing a group list.
---
 bfd/ChangeLog |  7 +++++++
 bfd/elf.c     | 14 +++++++++++---
 2 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 770fdf1..9bc63e1 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,10 @@
+2017-06-21  Nick Clifton  <nickc@redhat.com>
+
+	PR binutils/21640
+	* elf.c (setup_group): Zero the group section pointer list after
+	allocation so that loops can be caught.  Check for NULL pointers
+	when processing a group list.
+
 2017-06-19  H.J. Lu  <hongjiu.lu@intel.com>
 
 	PR ld/21626
diff --git a/bfd/elf.c b/bfd/elf.c
index fb106e9..5f37e7f 100644
--- a/bfd/elf.c
+++ b/bfd/elf.c
@@ -613,6 +613,7 @@ setup_group (bfd *abfd, Elf_Internal_Shdr *hdr, asection *newsect)
 	{
 	  num_group = (unsigned) -1;
 	  elf_tdata (abfd)->num_group = num_group;
+	  elf_tdata (abfd)->group_sect_ptr = NULL;
 	}
       else
 	{
@@ -625,8 +626,9 @@ setup_group (bfd *abfd, Elf_Internal_Shdr *hdr, asection *newsect)
               bfd_alloc2 (abfd, num_group, sizeof (Elf_Internal_Shdr *));
 	  if (elf_tdata (abfd)->group_sect_ptr == NULL)
 	    return FALSE;
-
+	  memset (elf_tdata (abfd)->group_sect_ptr, 0, num_group * sizeof (Elf_Internal_Shdr *));
 	  num_group = 0;
+
 	  for (i = 0; i < shnum; i++)
 	    {
 	      Elf_Internal_Shdr *shdr = elf_elfsections (abfd)[i];
@@ -739,8 +741,14 @@ setup_group (bfd *abfd, Elf_Internal_Shdr *hdr, asection *newsect)
       for (i = 0; i < num_group; i++)
 	{
 	  Elf_Internal_Shdr *shdr = elf_tdata (abfd)->group_sect_ptr[i];
-	  Elf_Internal_Group *idx = (Elf_Internal_Group *) shdr->contents;
-	  unsigned int n_elt = shdr->sh_size / 4;
+	  Elf_Internal_Group *idx;
+	  unsigned int n_elt;
+
+	  if (shdr == NULL)
+	    continue;
+
+	  idx = (Elf_Internal_Group *) shdr->contents;
+	  n_elt = shdr->sh_size / 4;
 
 	  /* Look through this group's sections to see if current
 	     section is a member.  */
-- 
2.7.4