# DP: Fix PR binutils/21135, invalid read of section contents.

From f055032e4e922f1e1a5e11026c7c2669fa2a7d19 Mon Sep 17 00:00:00 2001
From: Nick Clifton <nickc@redhat.com>
Date: Mon, 13 Feb 2017 15:04:37 +0000
Subject: [PATCH] Fix invalid read of section contents whilst processing a
 corrupt binary.

	PR binutils/21135
	* readelf.c (dump_section_as_bytes): Handle the case where
	uncompress_section_contents returns false.
	(dump_section_as_bytes, load_specific_debug_section): Likewise.

---
 binutils/ChangeLog |  6 ++++++
 binutils/readelf.c | 16 ++++++++++++----
 2 files changed, 18 insertions(+), 4 deletions(-)

2017-02-13  Nick Clifton  <nickc@redhat.com>

	PR binutils/21135
	* readelf.c (dump_section_as_bytes): Handle the case where
	uncompress_section_contents returns false.
	(dump_section_as_bytes, load_specific_debug_section): Likewise.

Index: b/binutils/readelf.c
===================================================================
--- a/binutils/readelf.c
+++ b/binutils/readelf.c
@@ -12668,10 +12668,18 @@ dump_section_as_strings (Elf_Internal_Sh
 	  new_size -= 12;
 	}
 
-      if (uncompressed_size
-	  && uncompress_section_contents (& start,
-					  uncompressed_size, & new_size))
-	num_bytes = new_size;
+      if (uncompressed_size)
+	{
+	  if (uncompress_section_contents (& start,
+					   uncompressed_size, & new_size))
+	    num_bytes = new_size;
+	  else
+	    {
+	      error (_("Unable to decompress section %s\n"),
+		     printable_section_name (section));
+	      return;
+	    }
+	}
     }
 
   /* If the section being dumped has relocations against it the user might
@@ -12802,10 +12810,18 @@ dump_section_as_bytes (Elf_Internal_Shdr
 	  new_size -= 12;
 	}
 
-      if (uncompressed_size
-	  && uncompress_section_contents (& start, uncompressed_size,
-					  & new_size))
-	section_size = new_size;
+      if (uncompressed_size)
+	{
+	  if (uncompress_section_contents (& start, uncompressed_size,
+					   & new_size))
+	    section_size = new_size;
+	  else
+	    {
+	      error (_("Unable to decompress section %s\n"),
+		     printable_section_name (section));
+	      return;
+	    }
+	}
     }
 
   if (relocate)
@@ -12955,14 +12971,22 @@ load_specific_debug_section (enum dwarf_
 	  size -= 12;
 	}
 
-      if (uncompressed_size
-	  && uncompress_section_contents (&start, uncompressed_size,
-					  &size))
-	{
-	  /* Free the compressed buffer, update the section buffer
-	     and the section size if uncompress is successful.  */
-	  free (section->start);
-	  section->start = start;
+      if (uncompressed_size)
+	{
+	  if (uncompress_section_contents (&start, uncompressed_size,
+					   &size))
+	    {
+	      /* Free the compressed buffer, update the section buffer
+		 and the section size if uncompress is successful.  */
+	      free (section->start);
+	      section->start = start;
+	    }
+	  else
+	    {
+	      error (_("Unable to decompress section %s\n"),
+		     printable_section_name (sec));
+	      return 0;
+	    }
 	}
       section->size = size;
     }