From 8a23ac205cb4995d4510a5af880939eda4a5343e Mon Sep 17 00:00:00 2001
From: Elliott Hughes
Date: Tue, 15 Mar 2022 19:26:18 -0700
Subject: [PATCH] file: don't be confused by BSS sections.
BSS sections are *expected* to claim a larger size than is actually present in the file. Unlike program headers which have two different size fields for the memory and file sizes, sections headers only have one size field, so we're using the right field; we just need to ignore it for our overflow checking purposes.
---
toys/posix/file.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/toys/posix/file.c b/toys/posix/file.c
index 45e614dd..9330da13 100644
--- a/toys/posix/file.c
+++ b/toys/posix/file.c
@@ -133,6 +133,7 @@ static void do_elf_file(int fd)
sh_type = elf_int(shdr+4, 4); sh_offset = elf_int(shdr+8+(8<TT.len || sh_size>TT.len-sh_offset) goto bad; if (sh_type == 2 /*SHT_SYMTAB*/) {
--
2.39.2
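Review bot: The exemption this commit describes is keyed on `sh_type`, which is read from the file being inspected (`elf_int(shdr+4, 4)`), so any input can opt a section out of the `sh_offset>TT.len || sh_size>TT.len-sh_offset` check simply by declaring it BSS. That is safe only while nothing later in the loop reads file bytes at `sh_offset` for that section type. The added line is not legible in this rendering (part of the hunk text is lost), so confirm that the skip leaves no path to the `SHT_SYMTAB` branch or any other consumer of section contents with an unchecked offset. I would record the invariant next to the skip with a comment such as `/* SHT_NOBITS has no bytes in the file: skip the bounds check, and never dereference sh_offset for it */`. do_elf_file's body starts and ends outside the hunk.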