From b96b6262f5664cb5623dfb989a59e81d8e8ca680 Mon Sep 17 00:00:00 2001
From: Alan Modra <amodra@gmail.com>
Date: Mon, 8 Jul 2019 10:06:09 +0930
Subject: [PATCH] PR24785, bfd crashes on empty .PPC.EMB.apuinfo section
PR 24785
* elf32-ppc.c (_bfd_elf_ppc_set_arch): Sanity check .PPC.EMB.apuinfo size before reading first word.
(cherry picked from commit 62a47958bd6e3cbd909c2f19cd4669a9670ce4f1)
---
 bfd/ChangeLog | 6 ++++++
 bfd/elf32-ppc.c | 4 +++-
 2 files changed, 9 insertions(+), 1 deletion(-)
#diff --git a/bfd/ChangeLog b/bfd/ChangeLog
#index d92a6eee80..d21a1a6180 100644
#--- a/bfd/ChangeLog
#+++ b/bfd/ChangeLog
#@@ -1,3 +1,9 @@
#+2019-07-08 Alan Modra <amodra@gmail.com>
#+
#+ PR 24785
#+ * elf32-ppc.c (_bfd_elf_ppc_set_arch): Sanity check .PPC.EMB.apuinfo
#+ size before reading first word.
#+
# 2019-07-05 Szabolcs Nagy <szabolcs.nagy@arm.com>
#
# Backport from mainline.
diff --git a/bfd/elf32-ppc.c b/bfd/elf32-ppc.c
index 6991e8ddc1..2349402d8c 100644
--- a/bfd/elf32-ppc.c
+++ b/bfd/elf32-ppc.c
@@ -1077,7 +1077,9 @@ _bfd_elf_ppc_set_arch (bfd *abfd)
 if (mach == 0)
 {
 s = bfd_get_section_by_name (abfd, APUINFO_SECTION_NAME);
- if (s != NULL && bfd_malloc_and_get_section (abfd, s, &contents))
+ if (s != NULL
+ && s->size >= 24
+ && bfd_malloc_and_get_section (abfd, s, &contents))
 {
 unsigned int apuinfo_size = bfd_get_32 (abfd, contents + 4);
 unsigned int i;
-- 
2.22.0
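Review bot: The bound `24` in the new `s->size >= 24` test is an unexplained literal, while the only read visible in this hunk, `bfd_get_32 (abfd, contents + 4)`, needs just 8 bytes. A short comment should say what the 24 bytes cover, for example `/* Need the 20-byte APUinfo note header plus at least one 4-byte entry.  */` if that is the intent. Separately, `apuinfo_size` is taken straight from section contents that may come from a malformed or untrusted object file, and nothing in the hunk relates it to `s->size`. The body of `_bfd_elf_ppc_set_arch` continues past the hunk, so whatever consumes `apuinfo_size` there should be confirmed to stop at `s->size` as well; otherwise a section that passes the 24-byte check but declares a larger size could still be read out of bounds.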