From 2bdb5c57f1efcbddab536028d053798e35de6226 Mon Sep 17 00:00:00 2001 From: Zeke Lu <lvzecai@gmail.com> Date: Mon, 24 Oct 2022 23:37:05 +0000 Subject: [PATCH] debug/elf: use saferio.SliceCap when decoding ELF sections This avoids allocating an overly large slice for corrupt input. No test case because the problem can only happen for invalid data. Let the fuzzer find cases like this. Updates #33121. Change-Id: Ie2d947a3865d3499034286f2d08d3e3204015f3e GitHub-Last-Rev: 6c62fc3cec1c6343c76f22f6a2a4ddae060fa2f4 GitHub-Pull-Request: golang/go#56405 Reviewed-on: https://go-review.googlesource.com/c/go/+/445076 Run-TryBot: Ian Lance Taylor <iant@google.com> Reviewed-by: Ian Lance Taylor <iant@google.com> Auto-Submit: Ian Lance Taylor <iant@google.com> Run-TryBot: Ian Lance Taylor <iant@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Heschi Kreinick <heschi@google.com> --- src/debug/elf/file.go | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/src/debug/elf/file.go b/src/debug/elf/file.go index 708980bc1c31be..7c5ac86c0a1aa8 100644 --- a/src/debug/elf/file.go +++ b/src/debug/elf/file.go @@ -467,8 +467,12 @@ func NewFile(r io.ReaderAt) (*File, error) { } // Read section headers - f.Sections = make([]*Section, shnum) - names := make([]uint32, shnum) + c := saferio.SliceCap((*Section)(nil), uint64(shnum)) + if c < 0 { + return nil, &FormatError{0, "too many sections", shnum} + } + f.Sections = make([]*Section, 0, c) + names := make([]uint32, 0, c) for i := 0; i < shnum; i++ { off := shoff + int64(i)*int64(shentsize) sr.Seek(off, seekStart) @@ -479,7 +483,7 @@ func NewFile(r io.ReaderAt) (*File, error) { if err := binary.Read(sr, f.ByteOrder, sh); err != nil { return nil, err } - names[i] = sh.Name + names = append(names, sh.Name) s.SectionHeader = SectionHeader{ Type: SectionType(sh.Type), Flags: SectionFlag(sh.Flags), @@ -496,7 +500,7 @@ func NewFile(r io.ReaderAt) (*File, error) { if err := binary.Read(sr, f.ByteOrder, sh); err != nil { return nil, err } - names[i] = sh.Name + names = append(names, sh.Name) s.SectionHeader = SectionHeader{ Type: SectionType(sh.Type), Flags: SectionFlag(sh.Flags), @@ -544,7 +548,7 @@ func NewFile(r io.ReaderAt) (*File, error) { } } - f.Sections[i] = s + f.Sections = append(f.Sections, s) } if len(f.Sections) == 0 {