bfd/elf-attrs.c: Fix possible infinite loop parsing attributes

Message ID 1415201288-11629-1-git-send-email-will.newton@linaro.org
State New
Headers show

Commit Message

Will Newton Nov. 5, 2014, 3:28 p.m.
Handle the case of a zero length section or sub-section in
_bfd_elf_parse_attributes and in doing so prevent an infinite loop
in the parser.

bfd/ChangeLog:

2014-11-05  Will Newton  <will.newton@linaro.org>

	* elf-attrs.c (_bfd_elf_parse_attributes): Handle zero
	length sections and sub-sections.
---
 bfd/elf-attrs.c | 4 ++++
 1 file changed, 4 insertions(+)

Comments

Nick Clifton Nov. 6, 2014, 12:35 p.m. | #1
Hi Will,

> bfd/ChangeLog:
>
> 2014-11-05  Will Newton  <will.newton@linaro.org>
>
> 	* elf-attrs.c (_bfd_elf_parse_attributes): Handle zero
> 	length sections and sub-sections.

Approved - please apply.

Cheers
   Nick

Patch

diff --git a/bfd/elf-attrs.c b/bfd/elf-attrs.c
index cd0cbca..6bc2944 100644
--- a/bfd/elf-attrs.c
+++ b/bfd/elf-attrs.c
@@ -455,6 +455,8 @@  _bfd_elf_parse_attributes (bfd *abfd, Elf_Internal_Shdr * hdr)
 
 	  section_len = bfd_get_32 (abfd, p);
 	  p += 4;
+	  if (section_len == 0)
+	    break;
 	  if (section_len > len)
 	    section_len = len;
 	  len -= section_len;
@@ -487,6 +489,8 @@  _bfd_elf_parse_attributes (bfd *abfd, Elf_Internal_Shdr * hdr)
 	      p += n;
 	      subsection_len = bfd_get_32 (abfd, p);
 	      p += 4;
+	      if (subsection_len == 0)
+		break;
 	      if (subsection_len > section_len)
 		subsection_len = section_len;
 	      section_len -= subsection_len;