30 lines
1.1 KiB
Diff
30 lines
1.1 KiB
Diff
--- a/bfd/elf.c 2019-04-04 11:32:43.076000000 +0800
|
|
+++ b/bfd/elf.c 2019-04-04 12:09:04.267000000 +0800
|
|
@@ -6592,6 +6592,7 @@ rewrite_elf_program_header (bfd *ibfd, b
|
|
the given segment. LMA addresses are compared. */
|
|
#define IS_CONTAINED_BY_LMA(section, segment, base) \
|
|
(section->lma >= base \
|
|
+ && (section->lma + SECTION_SIZE (section, segment) >= section->lma) \
|
|
&& (section->lma + SECTION_SIZE (section, segment) \
|
|
<= SEGMENT_END (segment, base)))
|
|
|
|
@@ -7114,8 +7115,16 @@ rewrite_elf_program_header (bfd *ibfd, b
|
|
suggested_lma = output_section;
|
|
}
|
|
|
|
- BFD_ASSERT (map->count > 0);
|
|
-
|
|
+ /* PR 23932. A corrupt input file may contain sections that cannot
|
|
+ be assigned to any segment - because for example they have a
|
|
+ negative size - or segments that do not contain any sections. */
|
|
+ if (map->count == 0)
|
|
+ {
|
|
+ bfd_set_error (bfd_error_bad_value);
|
|
+ free (sections);
|
|
+ return FALSE;
|
|
+ }
|
|
+
|
|
/* Add the current segment to the list of built segments. */
|
|
*pointer_to_map = map;
|
|
pointer_to_map = &map->next;
|