elflint: Check sh_info for symtab isn't too big.

The sh_info field of the symtab says how many symbols are in the
section. Make sure at least that many symbols fit in the section.

Reported-by: Ulrich Drepper <drepper@redhat.com>
Signed-off-by: Mark Wielaard <mark@klomp.org>

diff --git a/src/ChangeLog b/src/ChangeLog
index 7ce9e54bc95ac18c0c90eef8bda7e269468adda4..e351318bf9d8a19e2fa8af57c3a65aab0f8e3760 100644 (file)
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,7 @@
+2020-02-07  Mark Wielaard  <mark@klomp.org>
+
+       * elflint.c (check_symtab): Check st_info isn't too big.
+
 2020-01-16  Mark Wielaard  <mark@klomp.org>
 
        * nm.c (show_symbols_sysv): Iterate over all symbols starting

diff --git a/src/elflint.c b/src/elflint.c
index 684b794e341376322fd17615ce2b145b9b82f303..78d485e32d431a151f5633419bbfc2fa78bb6b80 100644 (file)
--- a/src/elflint.c
+++ b/src/elflint.c
@@ -658,6 +658,10 @@ section [%2d] '%s': symbol table cannot have more than one extended index sectio
     ERROR (gettext ("\
 section [%2u] '%s': entry size is does not match ElfXX_Sym\n"),
           idx, section_name (ebl, idx));
+  else if (shdr->sh_info > shdr->sh_size / sh_entsize)
+    ERROR (gettext ("\
+section [%2u] '%s': number of local entries in 'st_info' larger than table size\n"),
+          idx, section_name (ebl, idx));
 
   /* Test the zeroth entry.  */
   GElf_Sym sym_mem;