From: Alan Modra <amodra@gmail.com>
Date: Mon, 30 Sep 2024 22:23:55 +0000 (+0930)
Subject: segv in bfd_elf_get_str_section
X-Git-Tag: gdb-16-branchpoint~767
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=656f8fbaae;p=thirdparty%2Fbinutils-gdb.git

segv in bfd_elf_get_str_section

Attempting to write a termination NUL to PROT_READ mmap'd memory was
a silly idea.

	PR 32109
	* elf.c (bfd_elf_get_str_section): Don't write terminating NUL
	if missing.
	* libbfd.c (_bfd_munmap_readonly_temporary): Correct comment.
---

diff --git a/bfd/elf.c b/bfd/elf.c
index 9fe031da963..c882a66ab5c 100644
--- a/bfd/elf.c
+++ b/bfd/elf.c
@@ -301,7 +301,8 @@ bfd_elf_get_str_section (bfd *abfd, unsigned int shindex)
 	  _bfd_error_handler
 	    /* xgettext:c-format */
 	    (_("%pB: string table [%u] is corrupt"), abfd, shindex);
-	  shstrtab[shstrtabsize - 1] = 0;
+	  shstrtab = NULL;
+	  i_shdrp[shindex]->sh_size = 0;
 	}
       i_shdrp[shindex]->contents = shstrtab;
     }
diff --git a/bfd/libbfd.c b/bfd/libbfd.c
index 53868471001..4da842ead84 100644
--- a/bfd/libbfd.c
+++ b/bfd/libbfd.c
@@ -1126,7 +1126,7 @@ _bfd_munmap_readonly_temporary (void *ptr, size_t rsize)
 {
   /* NB: Since _bfd_munmap_readonly_temporary is called like free, PTR
      may be NULL.  Otherwise, PTR and RSIZE must be valid.  If RSIZE is
-     0, _bfd_malloc_and_read is called.  */
+     0, free is called.  */
   if (ptr == NULL)
     return;
   if (rsize != 0)