PR24785, bfd crashes on empty .PPC.EMB.apuinfo section

Message ID 20190708060101.GL822@bubble.grove.modra.org
State New

Commit Message

Alan Modra July 8, 2019, 6:01 a.m.
PR 24785
	* elf32-ppc.c (_bfd_elf_ppc_set_arch): Sanity check .PPC.EMB.apuinfo
	size before reading first word.


-- 
Alan Modra
Australia Development Lab, IBM

Patch

diff --git a/bfd/elf32-ppc.c b/bfd/elf32-ppc.c
index df813d36cc..ae03d72241 100644
--- a/bfd/elf32-ppc.c
+++ b/bfd/elf32-ppc.c
@@ -1077,7 +1077,9 @@  _bfd_elf_ppc_set_arch (bfd *abfd)
   if (mach == 0)
     {
       s = bfd_get_section_by_name (abfd, APUINFO_SECTION_NAME);
-      if (s != NULL && bfd_malloc_and_get_section (abfd, s, &contents))
+      if (s != NULL
+	  && s->size >= 24
+	  && bfd_malloc_and_get_section (abfd, s, &contents))
 	{
 	  unsigned int apuinfo_size = bfd_get_32 (abfd, contents + 4);
 	  unsigned int i;
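
Review bot: the `24` in the new `s->size >= 24` condition is an unexplained magic number. The only read visible in this hunk, `bfd_get_32 (abfd, contents + 4)`, needs 8 bytes, so the bound must be protecting reads further down. A short comment stating which bytes the 24 covers, or a named constant, would let a reader verify it against the section layout. Separately, `apuinfo_size` is taken straight from the file and the size check only establishes a minimum length, so it is worth confirming that the code using `apuinfo_size` and `i` after this hunk bounds its reads by `s->size`. If it does not, a section with a large value at offset 4 can still read past the end of `contents`.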