5547 libproc's fake_elf should give up if there's no .hash
5546 libproc's fake_elf may free stack junk when reading corrupt dumps

@@ -247,11 +247,11 @@
         Elf *elf;
         size_t dynsym_size = 0, ldynsym_size;
         int dynstr_shndx;
         Ehdr *ep;
         Shdr *sp;
-        Dyn *dp;
+        Dyn *dp = NULL;
         Dyn *d[DI_NENT] = { 0 };
         uint_t i;
         Off off;
         size_t pltsz = 0, pltentries = 0;
         uintptr_t hptr = NULL;
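Review bot: The new `= NULL` on `dp` is only explained by the cleanup path, and nothing at the declaration says so. A short comment such as `/* released at bad:, so it must start out NULL */` would keep a later edit from dropping the initializer. The `bad:` label is outside this hunk, so it is worth confirming there that `dp` is the only pointer released unconditionally, since `elf`, `ep` and `sp` are still declared without initializers here. The enclosing function starts and ends outside the hunk.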

@@ -364,10 +364,15 @@
 
                 hnbuckets = hash[0];
                 hnchains = hash[1];
         }
 
+        if ((d[DI_HASH] == NULL) || (hnbuckets == 0) || (hnchains == 0)) {
+                dprintf("empty or missing .hash\n");
+                goto bad;
+        }
+
         /*
          * .dynsym and .SUNW_ldynsym sections.
          *
          * The string table section used for the symbol table and
          * dynamic sections lies immediately after the dynsym, so the
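Review bot: The new guard rejects a zero `hnbuckets` or `hnchains` but sets no upper limit on either, even though both are copied straight from `hash[0]` and `hash[1]` of the file being examined. For a corrupt dump, the case 5546 addresses, an absurdly large count is as plausible as a zero one. If the code after this hunk uses `hnchains` to size the .dynsym read or an allocation (not visible here), the same `goto bad` should also reject counts that cannot fit in the object the table was read from. The function body continues outside the hunk.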