Bug 23142, SIGSEGV in is_strip_section

Message ID 20180507132721.GT28782@bubble.grove.modra.org
State New
Headers show
Series
  • Bug 23142, SIGSEGV in is_strip_section
Related show

Commit Message

Alan Modra May 7, 2018, 1:27 p.m.
BFD supports only one SHT_SYMTAB section, and objcopy assumed that was
the case.  Fuzzers of course come up with all sorts of crazy
situations, so we need to test that the symbols read by objcopy do in
fact come from the same symbol table referenced in a group signature.

	PR 23142
	* objcopy.c (group_signature): Don't accept groups that use a
	symbol table other than the one we've read.


-- 
Alan Modra
Australia Development Lab, IBM

Patch

diff --git a/binutils/objcopy.c b/binutils/objcopy.c
index 61c513b482..fadc957243 100644
--- a/binutils/objcopy.c
+++ b/binutils/objcopy.c
@@ -1211,14 +1211,13 @@  group_signature (asection *group)
     return NULL;
 
   ghdr = &elf_section_data (group)->this_hdr;
-  if (ghdr->sh_link < elf_numsections (abfd))
+  if (ghdr->sh_link == elf_onesymtab (abfd))
     {
       const struct elf_backend_data *bed = get_elf_backend_data (abfd);
-      Elf_Internal_Shdr *symhdr = elf_elfsections (abfd) [ghdr->sh_link];
+      Elf_Internal_Shdr *symhdr = &elf_symtab_hdr (abfd);
 
-      if (symhdr->sh_type == SHT_SYMTAB
-	  && ghdr->sh_info > 0
-	  && ghdr->sh_info < (symhdr->sh_size / bed->s->sizeof_sym))
+      if (ghdr->sh_info > 0
+	  && ghdr->sh_info < symhdr->sh_size / bed->s->sizeof_sym)
 	return isympp[ghdr->sh_info - 1];
     }
   return NULL;