The bfd_elf_string_from_elf_section() function in bfd/elf.c doesn't check
whether shindex is valid. I generated a file with my fuzzer which crashes nm:
=> Segfault at bfd/elf.c, line 278
abdf->section=
abdf->section_count=0
abdf->shindex=65288 (!)
Proposed fix: replace
    if (strindex == 0)
        return "";
with
    if (strindex == 0 || abfd->section_count < shindex)
        return "";
--
Summary: bfd_elf_string_from_elf_section() doesn't check shindex value
Product: binutils
Version: 2.18 (HEAD)
Status: NEW
Severity: normal
Priority: P2
Component: binutils
AssignedTo: unassigned at sources dot redhat dot com
ReportedBy: victor dot stinner at haypocalc dot com
CC: bug-binutils at gnu dot org
GCC build triplet: linux,i386
GCC host triplet: linux,i386
GCC target triplet: linux,i386
http://sourceware.org/bugzilla/show_bug.cgi?id=4496
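Added example, not part of the original report and not binutils code: a self-contained model of the kind of check the report asks for, where a section index and a string offset read from an untrusted file are both validated before use. The struct and function names are hypothetical, and the example goes beyond the report by also checking the string offset and the NUL terminator.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical model of a parsed ELF file; these are not BFD's structures. */
struct strtab { const char *data; size_t size; };
struct elf_model {
    const struct strtab *sections;  /* one entry per section header */
    size_t section_count;           /* number of valid entries */
};

/* Return the string at offset strindex inside section shindex, or NULL
   if either index, taken from untrusted file contents, is out of range. */
const char *model_string_from_section(const struct elf_model *f,
                                      size_t shindex, size_t strindex)
{
    /* Zero-based array: shindex == section_count is already past the end. */
    if (f == NULL || shindex >= f->section_count)
        return NULL;
    const struct strtab *t = &f->sections[shindex];
    if (t->data == NULL || strindex >= t->size)
        return NULL;
    /* Require a NUL terminator between the offset and the end of the table. */
    if (memchr(t->data + strindex, '\0', t->size - strindex) == NULL)
        return NULL;
    return t->data + strindex;
}

/* Constructed sample: two sections, the second a small string table. */
static const char sample_names[] = "\0.text\0.data";
static const struct strtab sample_sections[] = {
    { NULL, 0 },
    { sample_names, sizeof sample_names },
};
static const struct elf_model sample_file = { sample_sections, 2 };

/* Mirrors the report's state: no sections at all. */
static const struct elf_model empty_file = { NULL, 0 };

int main(void)
{
    /* 65288 is the shindex value from the report; the lookup must be refused. */
    return model_string_from_section(&empty_file, 65288, 1) == NULL ? 0 : 1;
}
```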