From 6123c4b24f9b409ad90f570a112e4d157a40f776 Mon Sep 17 00:00:00 2001 From: "H.J. Lu" Date: Wed, 4 Jul 2012 00:29:50 +0000 Subject: Check number of sections overflow * elf.c (assign_section_numbers): Check if number of sections >= SHN_LORESERVE. * elfcode.h (elf_object_p): Likewise. --- bfd/ChangeLog | 6 ++++++ bfd/elf.c | 7 +++++++ bfd/elfcode.h | 5 +++-- 3 files changed, 16 insertions(+), 2 deletions(-) diff --git a/bfd/ChangeLog b/bfd/ChangeLog index f6d368e3a3d..d48c5065a62 100644 --- a/bfd/ChangeLog +++ b/bfd/ChangeLog @@ -1,3 +1,9 @@ +2012-07-03 H.J. Lu + + * elf.c (assign_section_numbers): Check if number of sections + >= SHN_LORESERVE. + * elfcode.h (elf_object_p): Likewise. + 2012-07-03 Nick Clifton * archive.c (bsd_write_armap): Catch attempts to create an archive diff --git a/bfd/elf.c b/bfd/elf.c index 532c7f99f3e..48e5d683413 100644 --- a/bfd/elf.c +++ b/bfd/elf.c @@ -3014,6 +3014,13 @@ assign_section_numbers (bfd *abfd, struct bfd_link_info *link_info) _bfd_elf_strtab_addref (elf_shstrtab (abfd), t->strtab_hdr.sh_name); } + if (section_number >= SHN_LORESERVE) + { + _bfd_error_handler (_("%B: too many sections: %u"), + abfd, section_number); + return FALSE; + } + _bfd_elf_strtab_finalize (elf_shstrtab (abfd)); t->shstrtab_hdr.sh_size = _bfd_elf_strtab_size (elf_shstrtab (abfd)); diff --git a/bfd/elfcode.h b/bfd/elfcode.h index cc55c866d6f..30bda73d86d 100644 --- a/bfd/elfcode.h +++ b/bfd/elfcode.h @@ -633,8 +633,9 @@ elf_object_p (bfd *abfd) if (i_ehdrp->e_shnum == SHN_UNDEF) { i_ehdrp->e_shnum = i_shdr.sh_size; - if (i_ehdrp->e_shnum != i_shdr.sh_size - || i_ehdrp->e_shnum == 0) + if (i_ehdrp->e_shnum >= SHN_LORESERVE + || i_ehdrp->e_shnum != i_shdr.sh_size + || i_ehdrp->e_shnum == 0) goto got_wrong_format_error; } -- cgit v1.2.1