From 8c9e04b26729438492a4b9a4af9d08aec9b3a704 Mon Sep 17 00:00:00 2001
From: dim
Date: Fri, 31 Aug 2012 23:28:41 +0000
Subject: Fix a twelve year old bug in readelf: when process_dynamic_segment() encounters a DT_RUNPATH entry, the global dynamic_info[] array is overrun, causing some other global variable to be overwritten. In my testcase, this was the section_headers variable, leading to segfaults or jemalloc assertions when it was freed later on. Thanks to Koop Mast for providing samples of a few "bad" .so files. MFC after: 1 week
---
 contrib/binutils/binutils/readelf.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'contrib/binutils/binutils')
diff --git a/contrib/binutils/binutils/readelf.c b/contrib/binutils/binutils/readelf.c
index a8c5ccc..98249ff 100644
--- a/contrib/binutils/binutils/readelf.c
+++ b/contrib/binutils/binutils/readelf.c
@@ -174,7 +174,7 @@ static Elf_Internal_Syminfo *dynamic_syminfo;
 static unsigned long dynamic_syminfo_offset;
 static unsigned int dynamic_syminfo_nent;
 static char program_interpreter[PATH_MAX];
-static bfd_vma dynamic_info[DT_JMPREL + 1];
+static bfd_vma dynamic_info[DT_ENCODING];
 static bfd_vma dynamic_info_DT_GNU_HASH;
 static bfd_vma version_info[16];
 static Elf_Internal_Ehdr elf_header;
-- cgit v1.1
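Review bot: The declaration `static bfd_vma dynamic_info[DT_ENCODING];` is only safe if every store into the array is bounded by the same constant, and nothing at the declaration records that coupling. The store in process_dynamic_segment() is outside this hunk, so whether it guards the index cannot be confirmed from here. Since the tag value is read from the ELF file being inspected, the index is attacker-influenced, and a mismatch between the array size and the stored tags silently corrupts neighbouring globals, as the commit message describes. I would add a comment such as `/* Indexed by d_tag; must hold every tag process_dynamic_segment() stores, i.e. all tags below DT_ENCODING. */`. I would also check that the store compares the tag against the array's element count rather than against a separately maintained list of tag names.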