libelf: Make sure shdrs are valid before storing extended phnum in newphdr.

Creating phdr with more than PN_XNUM phnum requires a valid section zero
shdr to store the extended value. Make sure the shdrs are valid. Also fix
the error when count was too big to store by setting ELF_E_INVALID_INDEX
before failing.

Signed-off-by: Mark Wielaard <mjw@redhat.com>

2 files changed, 17 insertions, 1 deletions

diff --git a/libelf/ChangeLog b/libelf/ChangeLog
index 312d5cfb..a7983a0a 100644
--- a/libelf/ChangeLog
+++ b/libelf/ChangeLog
@@ -1,3 +1,9 @@
+2015-05-12  Mark Wielaard  <mjw@redhat.com>
+
+	* elf32_newphdr.c (newphdr): Call __libelf_seterrno with
+	ELF_E_INVALID_INDEX before failing. Check whether section zero shdr
+	actually exists if we need to put extended phnum in section zero.
+
 2015-05-08  Mark Wielaard  <mjw@redhat.com>
 
 	* nlist.c (nlist): Call gelf_fsize with EV_CURRENT.
diff --git a/libelf/elf32_newphdr.c b/libelf/elf32_newphdr.c
index 01038e73..f89153b4 100644
--- a/libelf/elf32_newphdr.c
+++ b/libelf/elf32_newphdr.c
@@ -116,6 +116,17 @@ elfw2(LIBELFBITS,newphdr) (elf, count)
     {
       if (unlikely (count > SIZE_MAX / sizeof (ElfW2(LIBELFBITS,Phdr))))
 	{
+	  __libelf_seterrno (ELF_E_INVALID_INDEX);
+	  result = NULL;
+	  goto out;
+	}
+
+      Elf_Scn *scn0 = &elf->state.ELFW(elf,LIBELFBITS).scns.data[0];
+      if (unlikely (count >= PN_XNUM && scn0->shdr.ELFW(e,LIBELFBITS) == NULL))
+	{
+	  /* Something is wrong with section zero, but we need it to write
+	     the extended phdr count.  */
+	  __libelf_seterrno (ELF_E_INVALID_SECTION_HEADER);
 	  result = NULL;
 	  goto out;
 	}
@@ -134,7 +145,6 @@ elfw2(LIBELFBITS,newphdr) (elf, count)
 	  if (count >= PN_XNUM)
 	    {
 	      /* We have to write COUNT into the zeroth section's sh_info.  */
-	      Elf_Scn *scn0 = &elf->state.ELFW(elf,LIBELFBITS).scns.data[0];
 	      if (elf->state.ELFW(elf,LIBELFBITS).scns.cnt == 0)
 		{
 		  assert (elf->state.ELFW(elf,LIBELFBITS).scns.max > 0);