debug/macho: use saferio to allocate load command slice

Avoid allocating large amounts of memory for corrupt input. No test case because the problem can only happen for invalid data. Let the fuzzer find cases like this. Fixes #54780 Change-Id: Icdacb16bef7d29ef431da52e6d1da4e883a3e050 Reviewed-on: https://go-review.googlesource.com/c/go/+/427434 Run-TryBot: Tobias Klauser <[email protected]> Reviewed-by: Ian Lance Taylor <[email protected]> Reviewed-by: Heschi Kreinick <[email protected]> TryBot-Result: Gopher Robot <[email protected]> Auto-Submit: Tobias Klauser <[email protected]>
golang · Sep 2, 2022 · 553f02c · 553f02c
1 parent 6605686
commit 553f02c
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/src/debug/macho/file.go b/src/debug/macho/file.go
@@ -249,8 +249,8 @@ func NewFile(r io.ReaderAt) (*File, error) {
 	if f.Magic == Magic64 {
 		offset = fileHeaderSize64
 	}
-	dat := make([]byte, f.Cmdsz)
-	if _, err := r.ReadAt(dat, offset); err != nil {
+	dat, err := saferio.ReadDataAt(r, uint64(f.Cmdsz), offset)
+	if err != nil {
 		return nil, err
 	}
 	c := saferio.SliceCap([]Load{}, uint64(f.Ncmd))