segv in bfd_elf_get_str_section

Attempting to write a termination NUL to PROT_READ mmap'd memory was
a silly idea.

	PR 32109
	* elf.c (bfd_elf_get_str_section): Don't write terminating NUL
	if missing.
	* libbfd.c (_bfd_munmap_readonly_temporary): Correct comment.

diff --git a/bfd/elf.c b/bfd/elf.c
index 9fe031da963a0207a90e5d451464608b769d841e..c882a66ab5c2a8050c1f79e863c9dac4b55a2fff 100644 (file)
--- a/bfd/elf.c
+++ b/bfd/elf.c
@@ -301,7 +301,8 @@ bfd_elf_get_str_section (bfd *abfd, unsigned int shindex)
          _bfd_error_handler
            /* xgettext:c-format */
            (_("%pB: string table [%u] is corrupt"), abfd, shindex);
-         shstrtab[shstrtabsize - 1] = 0;
+         shstrtab = NULL;
+         i_shdrp[shindex]->sh_size = 0;
        }
       i_shdrp[shindex]->contents = shstrtab;
     }

diff --git a/bfd/libbfd.c b/bfd/libbfd.c
index 538684710019b35cf15ec2fa902dfc4c62b50356..4da842ead848effb1e752fa191e6c77bd083df13 100644 (file)
--- a/bfd/libbfd.c
+++ b/bfd/libbfd.c
@@ -1126,7 +1126,7 @@ _bfd_munmap_readonly_temporary (void *ptr, size_t rsize)
 {
   /* NB: Since _bfd_munmap_readonly_temporary is called like free, PTR
      may be NULL.  Otherwise, PTR and RSIZE must be valid.  If RSIZE is
-     0, _bfd_malloc_and_read is called.  */
+     0, free is called.  */
   if (ptr == NULL)
     return;
   if (rsize != 0)