elflint: Check symbol table data is big enough before checking.

Before checking symbol index zero we should make sure the data size
is big enough.

https://sourceware.org/bugzilla/show_bug.cgi?id=21310

Signed-off-by: Mark Wielaard <mark@klomp.org>

diff --git a/src/ChangeLog b/src/ChangeLog
index 41381aa03b3564a5c3efa49e216b94c98e82b955..6031213f049dbbf5ce90924ffe57b1c84a004e1c 100644 (file)
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,7 @@
+2017-03-27  Mark Wielaard  <mark@klomp.org>
+
+       * elflint.c (check_symtab_shndx): Check data->d_size.
+
 2017-03-24  Mark Wielaard  <mjw@redhat.com>
 
        * elfcmp.c (main): If n_namesz == 0 then the note name data is the

diff --git a/src/elflint.c b/src/elflint.c
index 66a13ca2284eb8991fee94af48c7fdd78c164858..76fb1a0c57794b0222f0be63382913b8aacee2df 100644 (file)
--- a/src/elflint.c
+++ b/src/elflint.c
@@ -1959,7 +1959,8 @@ section [%2d] '%s': extended section index in section [%2zu] '%s' refers to same
       return;
     }
 
-  if (*((Elf32_Word *) data->d_buf) != 0)
+  if (data->d_size < sizeof (Elf32_Word)
+      || *((Elf32_Word *) data->d_buf) != 0)
     ERROR (gettext ("symbol 0 should have zero extended section index\n"));
 
   for (size_t cnt = 1; cnt < data->d_size / sizeof (Elf32_Word); ++cnt)