Toolchain/binutils-gdb
1
0
Fork 0
forked from Imagelibrary/binutils-gdb
Code Pull Requests Activity

buffer overflow in process_sht_group_entries

Browse Source 
An oss-fuzz testcase with a SHT_GROUP section named .debug managed to
break objcopy --compress-debug-sections.  The underlying problem is
that SEC_DEBUGGING is set by section name tests, thus the SHT_GROUP
section gets compressed.  The compressed section data is smaller than
the original section sh_size, and process_sht_group_entries tries to
look at sh_size worth of entries.  The patch fixes this mess by simply
not setting SEC_DEBUGGING on SHT_GROUP sections.

Note that it isn't correct to restrict SEC_DEBUGGING to SHT_PROGBITS
sections, as that will break processor/os special sections for debug.
eg. SHT_MIPS_DEBUG.

	* elf.c (_bfd_elf_make_section_from_shdr): Don't set
	SEC_DEBUGGING on SEC_GROUP sections no matter their name.
This commit is contained in:
Alan Modra
2025-08-17 15:13:06 +09:30
parent 3f7c685f26
commit f586f9b61d
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
bfd/elf.c
View File

@@ -957,7 +957,7 @@ _bfd_elf_make_section_from_shdr (bfd *abfd,
break;
}
if ((flags & SEC_ALLOC) == 0)
if ((flags & (SEC_ALLOC | SEC_GROUP)) == 0)
{
/* The debugging sections appear to be recognized only by name,
not any sort of flag. Their SEC_ALLOC bits are cleared. */