From b518841fbc1431d7c5baa016e35f10fb647b5958 Mon Sep 17 00:00:00 2001
From: Mark Wielaard <mark@klomp.org>
Date: Thu, 18 Oct 2018 19:01:52 +0200
Subject: [PATCH] arlib: Check that sh_entsize isn't zero.

A bogus ELF file could have sh_entsize as zero. Don't divide by zero,
but just assume there are no symbols in the section.

https://sourceware.org/bugzilla/show_bug.cgi?id=23786

Signed-off-by: Mark Wielaard <mark@klomp.org>

CVE: CVE-2018-18521
Upstream-Status: Backport [http://sourceware.org/git/elfutils.git]
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
---
 src/arlib.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/arlib.c b/src/arlib.c
index 778e087..a6521e3 100644
--- a/src/arlib.c
+++ b/src/arlib.c
@@ -252,6 +252,9 @@ arlib_add_symbols (Elf *elf, const char *arfname, const char *membername,
       if (data == NULL)
 	continue;
 
+      if (shdr->sh_entsize == 0)
+	continue;
+
       int nsyms = shdr->sh_size / shdr->sh_entsize;
       for (int ndx = shdr->sh_info; ndx < nsyms; ++ndx)
 	{
-- 
2.7.4