From: Mike Frysinger
To: binutils@sources.redhat.com
Subject: Re: BFD overflows (part 2) [first patch]
Date: Thu, 12 May 2005 16:21:00 -0000
In-Reply-To: <200505120736.35805.vapier@gentoo.org>
Message-Id: <200505121217.22312.vapier@gentoo.org>

On Thursday 12 May 2005 07:36 am, Mike Frysinger wrote:
> strings.024:
> Program received signal SIGSEGV, Segmentation fault.
> 0x0000000000419f37 in bfd_section_from_shdr (abfd=0x584090, shindex=20)
> at elf.c:1751
> 1751 if (elf_elfsections (abfd)[hdr->sh_link]->sh_type !=
> SHT_STRTAB)

find attached a small patch against mainline written by Tavis Ormandy to fix this case
-mike

Attachment: bfd-elf-dyn-overflow.patch

--- bfd/ChangeLog +++ bfd/ChangeLog @@ -1,3 +1,7 @@ +2005-05-12 Tavis Ormandy + + * elf.c: Add sanity check when parsing dynamic sections. + 2005-05-09 Kelley Cook * configure.in: Replace AC_COMPILE_CHECK_SIZEOF with AC_CHECK_SIZEOF. --- bfd/elf.c +++ bfd/elf.c @@ -1768,6 +1768,9 @@ case SHT_DYNAMIC: /* Dynamic linking information. */ if (! _bfd_elf_make_section_from_shdr (abfd, hdr, name, shindex)) return FALSE; + if (hdr->sh_link > elf_numsections (abfd) || + elf_elfsections (abfd)[hdr->sh_link] == NULL) + return FALSE; if (elf_elfsections (abfd)[hdr->sh_link]->sh_type != SHT_STRTAB) { Elf_Internal_Shdr *dynsymhdr;
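Review bot: the bounds test in the elf.c hunk is off by one: `if (hdr->sh_link > elf_numsections (abfd) ||` still lets `sh_link == elf_numsections (abfd)` through, so the following `elf_elfsections (abfd)[hdr->sh_link] == NULL` reads one slot past the end of the section table before the NULL test can reject it. Use `>=` instead of `>`. It is also worth moving the guard above the `_bfd_elf_make_section_from_shdr (abfd, hdr, name, shindex)` call, so a header with a bogus `sh_link` is rejected before a BFD section is created for it.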
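Review bot: the ChangeLog hunk should name the function that changed, i.e. `* elf.c (bfd_section_from_shdr): Add sanity check ...`, rather than the bare file name, so the entry matches the quoted crash location and the usual form of the surrounding entries.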