* PR28542, Undefined behaviours in readelf.c
@ 2021-11-09 22:41 Alan Modra
0 siblings, 0 replies; only message in thread
From: Alan Modra @ 2021-11-09 22:41 UTC (permalink / raw)
To: binutils
Anti-fuzzing sanity checks.
PR 28542
* readelf.c (dump_relocations): Check that section headers have
been read before attempting to access section name.
(print_dynamic_symbol): Likewise.
(process_mips_specific): Delete dead code.
diff --git a/binutils/readelf.c b/binutils/readelf.c
index 50129f4ab4f..c71d542f051 100644
--- a/binutils/readelf.c
+++ b/binutils/readelf.c
@@ -1934,7 +1934,8 @@ dump_relocations (Filedata * filedata,
if (ELF_ST_TYPE (psym->st_info) == STT_SECTION)
{
- if (psym->st_shndx < filedata->file_header.e_shnum)
+ if (psym->st_shndx < filedata->file_header.e_shnum
+ && filedata->section_headers != NULL)
sec_name = section_name_print (filedata,
filedata->section_headers
+ psym->st_shndx);
@@ -12861,6 +12862,7 @@ print_dynamic_symbol (Filedata *filedata, unsigned long si,
if (ELF_ST_TYPE (psym->st_info) == STT_SECTION
&& psym->st_shndx < filedata->file_header.e_shnum
+ && filedata->section_headers != NULL
&& psym->st_name == 0)
{
is_valid
@@ -18262,7 +18264,6 @@ process_mips_specific (Filedata * filedata)
Elf_External_Options * eopt;
size_t offset;
int cnt;
- sect = filedata->section_headers;
/* Find the section header so that we get the size. */
sect = find_section_by_type (filedata, SHT_MIPS_OPTIONS);
--
Alan Modra
Australia Development Lab, IBM
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2021-11-09 22:41 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-11-09 22:41 PR28542, Undefined behaviours in readelf.c Alan Modra
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).