commit a55c9876bb111fd301b4762cf501de0040b8f9db Author: Nick Clifton Date: Mon Dec 5 13:35:50 2016 +0000 Fix seg-fault attempting to strip a corrupt binary. PR binutils/20922 * elf.c (find_link): Check for null headers before attempting to match them. Upstream-Status: Backport CVE: CVE-2017-7303 Signed-off-by: Thiruvadi Rajaraman Index: git/bfd/ChangeLog =================================================================== --- git.orig/bfd/ChangeLog 2017-09-04 16:06:08.996688391 +0530 +++ git/bfd/ChangeLog 2017-09-04 16:09:26.810320541 +0530 @@ -124,6 +124,10 @@ (aout_link_add_symbols): Fix off by one error checking for overflow of string offset. + PR binutils/20922 + * elf.c (find_link): Check for null headers before attempting to + match them. + PR binutils/20921 * aoutx.h (squirt_out_relocs): Check for and report any relocs that could not be recognised. Index: git/bfd/elf.c =================================================================== --- git.orig/bfd/elf.c 2017-09-04 16:05:55.612577527 +0530 +++ git/bfd/elf.c 2017-09-04 16:08:35.709900050 +0530 @@ -1249,13 +1249,19 @@ Elf_Internal_Shdr ** oheaders = elf_elfsections (obfd); unsigned int i; - if (section_match (oheaders[hint], iheader)) + BFD_ASSERT (iheader != NULL); + + /* See PR 20922 for a reproducer of the NULL test. */ + if (oheaders[hint] != NULL + && section_match (oheaders[hint], iheader)) return hint; for (i = 1; i < elf_numsections (obfd); i++) { Elf_Internal_Shdr * oheader = oheaders[i]; + if (oheader == NULL) + continue; if (section_match (oheader, iheader)) /* FIXME: Do we care if there is a potential for multiple matches ? */
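Review bot: `oheaders[hint]` is still indexed without a range check in the first `if` of the elf.c hunk, so the new NULL test covers a missing header but not a `hint` that lies past the end of the output section table. The hunk does not show where `hint` comes from, but if it is derived from fields of the input file, as the corrupt-binary context suggests, the index should be bounded first: `if (hint < elf_numsections (obfd) && oheaders[hint] != NULL && section_match (oheaders[hint], iheader))`. Separately, `BFD_ASSERT (iheader != NULL)` reports the failure and continues rather than stopping, so a NULL `iheader` would still reach `section_match`; an explicit early return is needed if that case can occur, with a return value chosen from the function's contract, which is not visible here. `find_link` starts and ends outside the hunk.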