On Wed, Jun 17, 2015 at 02:43:41PM +0200, Sébastien Marie wrote:
> Hi,
>
> I would like to report a SEGFAULT in nm(1) that occurs with object-file
> with no section headers (e_shnum = 0).
>
>
> Index: elf.c
> ===================================================================
> RCS file: /cvs/src/usr.bin/nm/elf.c,v
> retrieving revision 1.28
> diff -u -p -r1.28 elf.c
> --- elf.c 17 May 2015 20:19:08 -0000 1.28
> +++ elf.c 17 Jun 2015 12:05:25 -0000
> @@ -149,6 +149,16 @@ elf_load_shdrs(const char *name, FILE *f
>
> elf_fix_header(head);
>
> + if (head->e_shnum == 0) {
> + warnx("%s: no section header table", name);
> + return (NULL);
> + }
> +
> + if (head->e_shstrndx >= head->e_shentsize * head->e_shnum) {
> + warnx("%s: inconsistent section header table", name);
> + return (NULL);
> + }
Wrong here: the check should be (head->e_shstrndx >= head->e_shnum).
Corrected patch below.
> if ((shdr = calloc(head->e_shentsize, head->e_shnum)) == NULL) {
> warn("%s: malloc shdr", name);
> return (NULL);
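Review bot: the bound in the second guard is wrong: `head->e_shstrndx >= head->e_shentsize * head->e_shnum` compares a section index against the table's size in bytes, so any e_shstrndx between e_shnum and e_shentsize * e_shnum slips through and later indexes past the shdr array that calloc() sizes with e_shnum entries; the comparison should be `head->e_shstrndx >= head->e_shnum`. The e_shnum == 0 guard is right to sit before the calloc(head->e_shentsize, head->e_shnum) call, since a zero-entry allocation is what the reported SEGFAULT walks off; a comment noting that it also rejects files using ELF extended section numbering (which signal their real count through section header 0) would help the next reader.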
--
Sébastien Marie
Index: elf.c
===================================================================
RCS file: /cvs/src/usr.bin/nm/elf.c,v
retrieving revision 1.28
diff -u -p -r1.28 elf.c
--- elf.c 17 May 2015 20:19:08 -0000 1.28
+++ elf.c 17 Jun 2015 15:07:19 -0000
@@ -149,6 +149,16 @@ elf_load_shdrs(const char *name, FILE *f
elf_fix_header(head);
+ if (head->e_shnum == 0) {
+ warnx("%s: no section header table", name);
+ return (NULL);
+ }
+
+ if (head->e_shstrndx >= head->e_shnum) {
+ warnx("%s: inconsistent section header table", name);
+ return (NULL);
+ }
+
if ((shdr = calloc(head->e_shentsize, head->e_shnum)) == NULL) {
warn("%s: malloc shdr", name);
return (NULL);
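Review bot: the index bound is now correct, but the message in the e_shnum == 0 branch, "no section header table", is misleading for the one legitimate case with e_shnum == 0 (ELF extended section numbering, where the real count lives in section header 0 and e_shstrndx is SHN_XINDEX); since nm does not handle that case, say so in the message or a comment so the rejection is not mistaken for a truncated file. Consider also checking e_shentsize against the size of the shdr structure before the calloc(head->e_shentsize, head->e_shnum) call, because a file that lies about the entry size would otherwise allocate a table that does not match how it is later indexed.

The checks from the corrected patch, applied to constructed headers so the effect of the wrong and right index bounds can be seen side by side. This is an added example and not part of OpenBSD's nm or the patch above; it assumes a system with <elf.h> (glibc or the BSDs) and uses the 64-bit header layout, and the header values are constructed rather than read from any real binary.

```c
#include <elf.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Outcome of validating the section-header bookkeeping of an ELF header. */
enum shdr_check {
	SHDR_OK = 0,
	SHDR_NO_TABLE,      /* e_shnum == 0: nothing to allocate or index */
	SHDR_BAD_ENTSIZE,   /* e_shentsize does not match the shdr struct */
	SHDR_BAD_STRNDX     /* e_shstrndx points past the last section */
};

/* Build a constructed 64-bit ELF header with the given section-table
 * fields; everything else is a plausible filler value. */
static Elf64_Ehdr make_header(uint16_t shnum, uint16_t shentsize,
    uint16_t shstrndx)
{
	Elf64_Ehdr eh;

	memset(&eh, 0, sizeof eh);
	memcpy(eh.e_ident, ELFMAG, SELFMAG);
	eh.e_ident[EI_CLASS] = ELFCLASS64;
	eh.e_ident[EI_DATA] = ELFDATA2LSB;
	eh.e_ident[EI_VERSION] = EV_CURRENT;
	eh.e_type = ET_REL;
	eh.e_ehsize = sizeof eh;
	eh.e_shnum = shnum;
	eh.e_shentsize = shentsize;
	eh.e_shstrndx = shstrndx;
	return eh;
}

/* The validation nm needs before calloc(e_shentsize, e_shnum) and before
 * shdr[e_shstrndx] is ever dereferenced.  Order matters: a zero count is
 * rejected first, then the entry size, then the index against the count.
 * Note that e_shnum == 0 is also how ELF extended section numbering starts
 * (real count in shdr[0].sh_size, e_shstrndx == SHN_XINDEX); like the patch,
 * this rejects such files rather than supporting them. */
enum shdr_check check_shdr_fields(const Elf64_Ehdr *eh)
{
	if (eh->e_shnum == 0)
		return SHDR_NO_TABLE;
	if (eh->e_shentsize != sizeof(Elf64_Shdr))
		return SHDR_BAD_ENTSIZE;
	if (eh->e_shstrndx >= eh->e_shnum)
		return SHDR_BAD_STRNDX;
	return SHDR_OK;
}

/* Convenience wrapper: classify a header built from the three fields. */
int classify(uint16_t shnum, uint16_t shentsize, uint16_t shstrndx)
{
	Elf64_Ehdr eh = make_header(shnum, shentsize, shstrndx);

	return (int)check_shdr_fields(&eh);
}

/* The bound the first version of the patch used: the table's byte size
 * instead of its entry count.  Returns 1 when that comparison would have
 * accepted the index, so the caller can see what it lets through. */
int wrong_bound_accepts(uint16_t shnum, uint16_t shentsize, uint16_t shstrndx)
{
	return shstrndx < shentsize * shnum;
}

int main(void)
{
	/* e_shnum = 0: the reported SEGFAULT case. */
	printf("shnum=0            -> %d (expect %d)\n",
	    classify(0, sizeof(Elf64_Shdr), 0), SHDR_NO_TABLE);
	/* Five sections, string table index 7: out of range. */
	printf("shnum=5 strndx=7   -> %d (expect %d)\n",
	    classify(5, sizeof(Elf64_Shdr), 7), SHDR_BAD_STRNDX);
	printf("wrong bound accepts strndx=7 with shnum=5: %d\n",
	    wrong_bound_accepts(5, sizeof(Elf64_Shdr), 7));
	/* Five sections, string table index 4: the last valid index. */
	printf("shnum=5 strndx=4   -> %d (expect %d)\n",
	    classify(5, sizeof(Elf64_Shdr), 4), SHDR_OK);
	return 0;
}
```

The wrong bound accepts index 7 against a five-entry table because 7 is less than 5 * 64 bytes; the corrected comparison against e_shnum rejects it, which is exactly the difference between the two hunks in this thread.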