c983249916
CVE-2018-18521 (#1646483)
28 lines
827 B
Diff
28 lines
827 B
Diff
commit 2b16a9be69939822dcafe075413468daac98b327
|
|
Author: Mark Wielaard <mark@klomp.org>
|
|
Date: Thu Oct 18 19:01:52 2018 +0200
|
|
|
|
arlib: Check that sh_entsize isn't zero.
|
|
|
|
A bogus ELF file could have sh_entsize as zero. Don't divide by zero,
|
|
but just assume there are no symbols in the section.
|
|
|
|
https://sourceware.org/bugzilla/show_bug.cgi?id=23786
|
|
|
|
Signed-off-by: Mark Wielaard <mark@klomp.org>
|
|
|
|
diff --git a/src/arlib.c b/src/arlib.c
|
|
index 778e087..a6521e3 100644
|
|
--- a/src/arlib.c
|
|
+++ b/src/arlib.c
|
|
@@ -252,6 +252,9 @@ arlib_add_symbols (Elf *elf, const char *arfname, const char *membername,
|
|
if (data == NULL)
|
|
continue;
|
|
|
|
+ if (shdr->sh_entsize == 0)
|
|
+ continue;
|
|
+
|
|
int nsyms = shdr->sh_size / shdr->sh_entsize;
|
|
for (int ndx = shdr->sh_info; ndx < nsyms; ++ndx)
|
|
{
|