From bdcb5ecaaa10381d3881563ef927f4a39399f28d Mon Sep 17 00:00:00 2001
From: Nick Clifton
Date: Tue, 17 May 2005 18:08:08 +0000
Subject: [PATCH] (group_signature): Check for a group section which is actually a (corrupt) symbol table section in disguise and prevent an infinite loop from occurring.
---
 bfd/ChangeLog | 6 ++++++
 bfd/elf.c | 17 ++++++++++++++++-
 2 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index f3f87f807b..c6ecec74e7 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,9 @@
+2005-05-17 Nick Clifton
+
+ * elf.c (group_signature): Check for a group section which is
+ actually a (corrupt) symbol table section in disguise and prevent
+ an infinite loop from occurring.
+
 2005-05-17 H.J. Lu

 * elfxx-ia64.c (elfNN_ia64_relax_brl): Undo the change made on
diff --git a/bfd/elf.c b/bfd/elf.c
index f77d626a30..5a97580d14 100644
--- a/bfd/elf.c
+++ b/bfd/elf.c
@@ -451,8 +451,23 @@ group_signature (bfd *abfd, Elf_Internal_Shdr *ghdr)
 unsigned char esym[sizeof (Elf64_External_Sym)];
 Elf_External_Sym_Shndx eshndx;
 Elf_Internal_Sym isym;
+ unsigned int i;
+
+ if (ghdr == NULL)
+ return NULL;
+
+ /* If this section is linked to by other sections then it is a symbol or
+ string section which is masquerading as a group. This is a bad thing,
+ and if we carry on to the call to bfd_section_from_shdr below we will
+ enter an infinite loop. So check now and break out if we detect this
+ case. See:
+ http://sources.redhat.com/ml/binutils/2005-05/msg00421.html
+ for a report of a case that tirggers this code. */
+ for (i = elf_numsections (abfd); i--;)
+ if (elf_elfsections (abfd) [elf_elfsections (abfd) [i]->sh_link] == ghdr)
+ return NULL;

- /* First we need to ensure the symbol table is available. */
+ /* Next we need to ensure the symbol table is available. */
 if (! bfd_section_from_shdr (abfd, ghdr->sh_link))
 return NULL;

--
2.11.0
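Review bot: In the added loop of the bfd/elf.c hunk, `elf_elfsections (abfd) [i]->sh_link` is used as an index into the section-header array without being compared against `elf_numsections (abfd)`, so a corrupt file, which is exactly the input this guard is meant to survive, can make the check itself read past the end of the array. Read the link into a local and bound it first: `unsigned int shlink = elf_elfsections (abfd) [i]->sh_link;` followed by `if (shlink < elf_numsections (abfd) && elf_elfsections (abfd) [shlink] == ghdr)`. If the array can hold NULL slots (not visible in this hunk), `elf_elfsections (abfd) [i]` needs a NULL test before the dereference as well. The comment above the loop could also state that `sh_link` is untrusted file data; group_signature's body starts before and continues past the hunk.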