(group_signature): Check for a group section which is actually a (corrupt)

symbol table section in disguise and prevent an infinite loop from occurring.

2 files changed, 22 insertions, 1 deletions

diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index f3f87f807bd..c6ecec74e71 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,9 @@
+2005-05-17  Nick Clifton  <nickc@redhat.com>
+
+	* elf.c (group_signature): Check for a group section which is
+	actually a (corrupt) symbol table section in disguise and prevent
+	an infinite loop from occurring.
+
 2005-05-17  H.J. Lu  <hongjiu.lu@intel.com>
 
 	* elfxx-ia64.c (elfNN_ia64_relax_brl): Undo the change made on
diff --git a/bfd/elf.c b/bfd/elf.c
index f77d626a30d..5a97580d14d 100644
--- a/bfd/elf.c
+++ b/bfd/elf.c
@@ -451,8 +451,23 @@ group_signature (bfd *abfd, Elf_Internal_Shdr *ghdr)
   unsigned char esym[sizeof (Elf64_External_Sym)];
   Elf_External_Sym_Shndx eshndx;
   Elf_Internal_Sym isym;
+  unsigned int i;
+
+  if (ghdr == NULL)
+    return NULL;
+
+  /* If this section is linked to by other sections then it is a symbol or
+     string section which is masquerading as a group.  This is a bad thing,
+     and if we carry on to the call to bfd_section_from_shdr below we will
+     enter an infinite loop.  So check now and break out if we detect this
+     case.  See:    
+     http://sources.redhat.com/ml/binutils/2005-05/msg00421.html
+     for a report of a case that tirggers this code.  */
+  for (i = elf_numsections (abfd); i--;)
+    if (elf_elfsections (abfd) [elf_elfsections (abfd) [i]->sh_link] == ghdr)
+      return NULL;
 
-  /* First we need to ensure the symbol table is available.  */
+  /* Next we need to ensure the symbol table is available.  */
   if (! bfd_section_from_shdr (abfd, ghdr->sh_link))
     return NULL;