segv in bfd_elf_get_str_section

Message ID Zvsv5X8Uzj2r4s-9@squeak.grove.modra.org
State New
Headers
Series segv in bfd_elf_get_str_section |

Checks

Context Check Description
linaro-tcwg-bot/tcwg_binutils_build--master-arm warning Patch is already merged
linaro-tcwg-bot/tcwg_binutils_build--master-aarch64 warning Patch is already merged

Commit Message

Alan Modra Sept. 30, 2024, 11:10 p.m. UTC
  Attempting to write a termination NUL to PROT_READ mmap'd memory was
a silly idea.

	PR 32109
	* elf.c (bfd_elf_get_str_section): Don't write terminating NUL
	if missing.
	* libbfd.c (_bfd_munmap_readonly_temporary): Correct comment.
  

Patch

diff --git a/bfd/elf.c b/bfd/elf.c
index 9fe031da963..c882a66ab5c 100644
--- a/bfd/elf.c
+++ b/bfd/elf.c
@@ -301,7 +301,8 @@  bfd_elf_get_str_section (bfd *abfd, unsigned int shindex)
 	  _bfd_error_handler
 	    /* xgettext:c-format */
 	    (_("%pB: string table [%u] is corrupt"), abfd, shindex);
-	  shstrtab[shstrtabsize - 1] = 0;
+	  shstrtab = NULL;
+	  i_shdrp[shindex]->sh_size = 0;
 	}
       i_shdrp[shindex]->contents = shstrtab;
     }
diff --git a/bfd/libbfd.c b/bfd/libbfd.c
index 53868471001..4da842ead84 100644
--- a/bfd/libbfd.c
+++ b/bfd/libbfd.c
@@ -1126,7 +1126,7 @@  _bfd_munmap_readonly_temporary (void *ptr, size_t rsize)
 {
   /* NB: Since _bfd_munmap_readonly_temporary is called like free, PTR
      may be NULL.  Otherwise, PTR and RSIZE must be valid.  If RSIZE is
-     0, _bfd_malloc_and_read is called.  */
+     0, free is called.  */
   if (ptr == NULL)
     return;
   if (rsize != 0)