From b38e562a4c907e08171c76b8b2def8464d5a104a Mon Sep 17 00:00:00 2001 From: Mark Wielaard Date: Sun, 9 Feb 2025 00:07:13 +0100 Subject: [PATCH] readelf: Handle NULL phdr in handle_dynamic_symtab A corrupt ELF file can have broken program headers, in which case gelf_getphdr returns NULL. This could crash handle_dynamic_symtab while searching for the PT_DYNAMIC phdr. Fix this by checking whether gelf_phdr returns NULL. * src/readelf.c (handle_dynamic_symtab): Check whether gelf_getphdr returns NULL. https://sourceware.org/bugzilla/show_bug.cgi?id=32655 Signed-off-by: Mark Wielaard CVE: CVE-2025-1371 Upstream-Status: Backport [https://sourceware.org/cgit/elfutils/commit/?id=b38e562a4c907e08171c76b8b2def8464d5a104a] Signed-off-by: Soumya Sambu --- src/readelf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/readelf.c b/src/readelf.c index fc04556..13344bf 100644 --- a/src/readelf.c +++ b/src/readelf.c @@ -2912,7 +2912,7 @@ handle_dynamic_symtab (Ebl *ebl) for (size_t i = 0; i < phnum; ++i) { phdr = gelf_getphdr (ebl->elf, i, &phdr_mem); - if (phdr->p_type == PT_DYNAMIC) + if (phdr == NULL || phdr->p_type == PT_DYNAMIC) break; } if (phdr == NULL) -- 2.40.0
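Review bot: In the loop in handle_dynamic_symtab, the new condition `if (phdr == NULL || phdr->p_type == PT_DYNAMIC)` breaks at the first index where gelf_getphdr returns NULL, so a readable PT_DYNAMIC entry at a higher index is never examined and the function takes the `if (phdr == NULL)` branch that follows. If stopping at the first unreadable header is the intended handling of corrupt input, a one-line comment saying so would help; if later headers should still be searched, skip the NULL entry and record the match in a separate variable instead of reusing phdr. Separately, the post-loop test only checks `phdr == NULL`: when every header is readable and none has p_type PT_DYNAMIC, phdr is left pointing at the last header returned, so the code after this hunk should be checked to confirm it does not treat that header as the dynamic segment. A regression test with a truncated program header table, as described in the commit message, would pin the fix down.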