authorMark Wielaard <mjw@redhat.com>2016-07-06 21:31:54 +0200
committerMark Wielaard <mjw@redhat.com>2016-07-11 09:58:55 +0200
commit8c481b6fc53a1d1f50518896004dc5221862e126 (patch)
tree344765fede88dbbce6d4ade17eb8c408c9f07479
parent8b5f017ddf1684e225ef59f9243ef411b2556e9c (diff)
unstrip: Fix off by one array access with unstripped_strent.
When configuring with --enable-sanitize-undefined the latest GCC found an array out of bounds access when running the un-strip-strmerge.sh test. We keep an array of section names. But skipped section zero, since it didn't have a name. We should however not actually skip the first array index (zero) when storing and reading the names. Signed-off-by: Mark Wielaard <mjw@redhat.com>
-rw-r--r--src/ChangeLog5
-rw-r--r--src/unstrip.c6
2 files changed, 8 insertions, 3 deletions
diff --git a/src/ChangeLog b/src/ChangeLog
index 21fc7d51..fbe4afc5 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,8 @@
+2016-07-06 Mark Wielaard <mjw@redhat.com>
+
+ * unstrip.c (copy_elided_sections): Use unstripped_strent[] from
+ index zero, instead of one.
+
2016-06-28 Richard Henderson <rth@redhat.com>
* elflint.c (valid_e_machine): Add EM_BPF.
diff --git a/src/unstrip.c b/src/unstrip.c
index 85e0a1da..adeb5991 100644
--- a/src/unstrip.c
+++ b/src/unstrip.c
@@ -1761,8 +1761,8 @@ more sections in stripped file than debug file -- arguments reversed?"));
GElf_Shdr mem;
GElf_Shdr *hdr = gelf_getshdr (sec, &mem);
const char *name = get_section_name (i + 1, hdr, shstrtab);
- unstripped_strent[i + 1] = ebl_strtabadd (symstrtab, name, 0);
- ELF_CHECK (unstripped_strent[i + 1] != NULL,
+ unstripped_strent[i] = ebl_strtabadd (symstrtab, name, 0);
+ ELF_CHECK (unstripped_strent[i] != NULL,
_("cannot add section name to string table: %s"));
}
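Review bot: The index convention behind this off-by-one is still undocumented at the store `unstripped_strent[i] = ebl_strtabadd (symstrtab, name, 0);`, where the section is looked up as `i + 1` but its name entry lives in slot `i`. A comment above the assignment such as `/* unstripped_strent[i] names section i + 1; section zero has no name. */` would keep this loop and the later read loop in step. The array declaration and the loop bound are outside the hunk, so it is worth confirming that the array has exactly one slot per iteration. `hdr` from `gelf_getshdr` is also handed to `get_section_name` with no NULL check visible here, which that helper may handle itself.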
@@ -1785,7 +1785,7 @@ more sections in stripped file than debug file -- arguments reversed?"));
Elf_Scn *sec = elf_getscn (unstripped, i + 1);
GElf_Shdr mem;
GElf_Shdr *hdr = gelf_getshdr (sec, &mem);
- shdr->sh_name = ebl_strtaboffset (unstripped_strent[i + 1]);
+ shdr->sh_name = ebl_strtaboffset (unstripped_strent[i]);
update_shdr (sec, hdr);
}
}
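Review bot: The changed line writes through `shdr` (`shdr->sh_name = ebl_strtaboffset (unstripped_strent[i]);`), although the header fetched for this section on the line before is `hdr`, and `hdr` is what gets passed to `update_shdr (sec, hdr)`. `shdr` is declared outside the hunk, so this may be intended, but as shown the new name offset does not appear to reach the header being written back. If it is a slip, the line would read `hdr->sh_name = ebl_strtaboffset (unstripped_strent[i]);`. A stale `sh_name` would make consumers of the output file resolve section names incorrectly, so a test that checks section names after unstrip on a file with a merged string table would cover it. The loop header is outside the hunk.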