We didn't check the symbol table referenced from the relocation table was a real symbol table. This could cause a crash if that section happened to be an SHT_NOBITS section without any data. Fix this by adding an explicit check.
* src/strip.c (INTERNAL_ERROR_MSG): New macro that takes a message string to display. (INTERNAL_ERROR): Use INTERNAL_ERROR_MSG with elf_errmsg (-1). (remove_debug_relocations): Check the sh_link referenced section is real and isn't a SHT_NOBITS section.
https://sourceware.org/bugzilla/show_bug.cgi?id=32673
Signed-off-by: Mark Wielaard <m...@klomp.org>
---
 src/strip.c | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/src/strip.c b/src/strip.c
index 3812fb17a3b8..8d2bb7a959f0 100644
--- a/src/strip.c
+++ b/src/strip.c
@@ -126,13 +126,14 @@ static char *tmp_debug_fname = NULL;
 /* Close debug file descriptor, if opened. And remove temporary debug file. */
 static void cleanup_debug (void);
-#define INTERNAL_ERROR(fname) \
+#define INTERNAL_ERROR_MSG(fname, msg) \
 do { \
 cleanup_debug (); \
 error_exit (0, _("%s: INTERNAL ERROR %d (%s): %s"), \
- fname, __LINE__, PACKAGE_VERSION, elf_errmsg (-1)); \
+ fname, __LINE__, PACKAGE_VERSION, msg); \
 } while (0)
+#define INTERNAL_ERROR(fname) INTERNAL_ERROR_MSG(fname, elf_errmsg (-1))
 /* Name of the output file. */
 static const char *output_fname;
@@ -631,7 +632,14 @@ remove_debug_relocations (Ebl *ebl, Elf *elf, GElf_Ehdr *ehdr,
 resolve relocation symbol indexes. */
 Elf64_Word symt = shdr->sh_link;
 Elf_Data *symdata, *xndxdata;
- Elf_Scn * symscn = elf_getscn (elf, symt);
+ Elf_Scn *symscn = elf_getscn (elf, symt);
+ GElf_Shdr symshdr_mem;
+ GElf_Shdr *symshdr = gelf_getshdr (symscn, &symshdr_mem);
+ if (symshdr == NULL)
+ INTERNAL_ERROR (fname);
+ if (symshdr->sh_type == SHT_NOBITS)
+ INTERNAL_ERROR_MSG (fname, "NOBITS section");
+
 symdata = elf_getdata (symscn, NULL);
 xndxdata = get_xndxdata (elf, symscn);
 if (symdata == NULL)
--
2.48.1
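Review bot: INTERNAL_ERROR_MSG in the first hunk of src/strip.c is added without a comment, and its contract is not obvious at the call sites: `msg` is consumed by a `%s` conversion, so it must be a non-NULL string, and `__LINE__` reports the caller's line rather than the macro's. I would add above it `/* Clean up the temporary debug file and report MSG as an internal error for FNAME. MSG must be a non-NULL string. */`. Callers in the second hunk use the macro as the sole body of an `if` and then dereference the checked pointer, which presumably relies on error_exit not returning; that is not visible in this hunk and is worth stating in the comment once confirmed.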
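Review bot: The new check in remove_debug_relocations rejects only `SHT_NOBITS`, so an `sh_link` that names any other non-symbol-table section still reaches `elf_getdata` and is carried forward as `symdata`. The commit message states the intent as confirming a real symbol table, and for possibly malformed input an allow-list expresses that directly: `if (symshdr->sh_type != SHT_SYMTAB)` followed by `INTERNAL_ERROR_MSG (fname, "sh_link is not a symbol table");` (also accepting `SHT_DYNSYM` if relocation sections handled here may legitimately use it). Whether the later symbol lookups already reject such data cannot be seen from this hunk, and the function starts and ends outside it. The literal `"NOBITS section"` also bypasses `_()`, unlike the format string inside the macro.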