Overview

File pr33457.diff of Package binutils

commit 9ca499644a21ceb3f946d1c179c38a83be084490
Author: H.J. Lu <hjl.tools@gmail.com>
Date:   Thu Sep 18 16:59:25 2025 -0700

    elf: Don't match corrupt section header in linker input
    
    Don't swap in nor match corrupt section header in linker input to avoid
    linker crash later.
    
            PR ld/33457
            * elfcode.h (elf_swap_shdr_in): Changed to return bool.  Return
            false for corrupt section header in linker input.
            (elf_object_p): Reject if elf_swap_shdr_in returns false.
    
    Signed-off-by: H.J. Lu <hjl.tools@gmail.com>

diff --git a/bfd/elfcode.h b/bfd/elfcode.h
index 9c65852e103..5224a1abee6 100644
--- a/bfd/elfcode.h
+++ b/bfd/elfcode.h
@@ -311,7 +311,7 @@ elf_swap_ehdr_out (bfd *abfd,
 /* Translate an ELF section header table entry in external format into an
    ELF section header table entry in internal format.  */
 
-static void
+static bool
 elf_swap_shdr_in (bfd *abfd,
 		  const Elf_External_Shdr *src,
 		  Elf_Internal_Shdr *dst)
@@ -341,6 +341,9 @@ elf_swap_shdr_in (bfd *abfd,
 	{
 	  _bfd_error_handler (_("warning: %pB has a section "
 				"extending past end of file"), abfd);
+	  /* PR ld/33457: Don't match corrupt section header.  */
+	  if (abfd->is_linker_input)
+	    return false;
 	  abfd->read_only = 1;
 	}
     }
@@ -350,6 +353,7 @@ elf_swap_shdr_in (bfd *abfd,
   dst->sh_entsize = H_GET_WORD (abfd, src->sh_entsize);
   dst->bfd_section = NULL;
   dst->contents = NULL;
+  return true;
 }
 
 /* Translate an ELF section header table entry in internal format into an
@@ -642,9 +646,9 @@ elf_object_p (bfd *abfd)
 
       /* Read the first section header at index 0, and convert to internal
 	 form.  */
-      if (bfd_read (&x_shdr, sizeof x_shdr, abfd) != sizeof (x_shdr))
+      if (bfd_read (&x_shdr, sizeof x_shdr, abfd) != sizeof (x_shdr)
+	  || !elf_swap_shdr_in (abfd, &x_shdr, &i_shdr))
 	goto got_no_match;
-      elf_swap_shdr_in (abfd, &x_shdr, &i_shdr);
 
       /* If the section count is zero, the actual count is in the first
 	 section header.  */
@@ -730,9 +734,9 @@ elf_object_p (bfd *abfd)
 	 to internal form.  */
       for (shindex = 1; shindex < i_ehdrp->e_shnum; shindex++)
 	{
-	  if (bfd_read (&x_shdr, sizeof x_shdr, abfd) != sizeof (x_shdr))
+	  if (bfd_read (&x_shdr, sizeof x_shdr, abfd) != sizeof (x_shdr)
+	      || !elf_swap_shdr_in (abfd, &x_shdr, i_shdrp + shindex))
 	    goto got_no_match;
-	  elf_swap_shdr_in (abfd, &x_shdr, i_shdrp + shindex);
 
 	  /* Sanity check sh_link and sh_info.  */
 	  if (i_shdrp[shindex].sh_link >= num_sec)
openSUSE Build Service is sponsored by
Places