From 656f8fbaae34cb37bda5110cbc8c79c6a2aaa847 Mon Sep 17 00:00:00 2001
From: Alan Modra <amodra@gmail.com>
Date: Tue, 1 Oct 2024 07:53:55 +0930
Subject: [PATCH] segv in bfd_elf_get_str_section

Attempting to write a termination NUL to PROT_READ mmap'd memory was
a silly idea.

	PR 32109
	* elf.c (bfd_elf_get_str_section): Don't write terminating NUL
	if missing.
	* libbfd.c (_bfd_munmap_readonly_temporary): Correct comment.
---
 bfd/elf.c    | 3 ++-
 bfd/libbfd.c | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/bfd/elf.c b/bfd/elf.c
index 9fe031da963..c882a66ab5c 100644
--- a/bfd/elf.c
+++ b/bfd/elf.c
@@ -301,7 +301,8 @@ bfd_elf_get_str_section (bfd *abfd, unsigned int shindex)
 	  _bfd_error_handler
 	    /* xgettext:c-format */
 	    (_("%pB: string table [%u] is corrupt"), abfd, shindex);
-	  shstrtab[shstrtabsize - 1] = 0;
+	  shstrtab = NULL;
+	  i_shdrp[shindex]->sh_size = 0;
 	}
       i_shdrp[shindex]->contents = shstrtab;
     }
diff --git a/bfd/libbfd.c b/bfd/libbfd.c
index 53868471001..4da842ead84 100644
--- a/bfd/libbfd.c
+++ b/bfd/libbfd.c
@@ -1126,7 +1126,7 @@ _bfd_munmap_readonly_temporary (void *ptr, size_t rsize)
 {
   /* NB: Since _bfd_munmap_readonly_temporary is called like free, PTR
      may be NULL.  Otherwise, PTR and RSIZE must be valid.  If RSIZE is
-     0, _bfd_malloc_and_read is called.  */
+     0, free is called.  */
   if (ptr == NULL)
     return;
   if (rsize != 0)
-- 
2.39.5