Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

debug/buildinfo: over allocation #58886

Closed
catenacyber opened this issue Mar 6, 2023 · 5 comments
Closed

debug/buildinfo: over allocation #58886

catenacyber opened this issue Mar 6, 2023 · 5 comments
Labels
FrozenDueToAge NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Milestone
Backlog

Comments

@catenacyber
Copy link
Contributor

What version of Go are you using (go version)?

$ go version
go version go1.19 linux/amd64

Does this issue reproduce with the latest release?

Yes

What operating system and processor architecture are you using (go env)?

go env Output
$ go env
GO111MODULE=""
GOARCH="amd64"
GOBIN=""
GOCACHE="/root/.cache/go-build"
GOENV="/root/.config/go/env"
GOEXE=""
GOEXPERIMENT=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOINSECURE=""
GOMODCACHE="/root/go/pkg/mod"
GONOPROXY=""
GONOSUMDB=""
GOOS="linux"
GOPATH="/root/go"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/root/.go"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/root/.go/pkg/tool/linux_amd64"
GOVCS=""
GOVERSION="go1.19"
GCCGO="gccgo"
GOAMD64="v1"
AR="ar"
CC="clang"
CXX="clang++"
CGO_ENABLED="1"
GOMOD="/src/ngolo-fuzzing/go.mod"
GOWORK=""
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fno-caret-diagnostics -Qunused-arguments -Wl,--no-gc-sections -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build2481516251=/tmp/go-build -gno-record-gcc-switches"

What did you do?

Run https://go.dev/play/p/_mD07VhyOGa?v=gotip

What did you expect to see?

The program finishing and printing Hello, without allocating too much

What did you see instead?

Running heap : 1769414080 that is 1.7 Bytes for a fix bytes input

Found by https://github.com/catenacyber/ngolo-fuzzing with oss-fuzz :
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=56713

Regression range is 2c46cc8:a2c2f06cad8aa722120cb73e965d168bfcb4d977
@catenacyber
Copy link
Contributor Author

following #58754

@cagedmantis cagedmantis added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label Mar 6, 2023
@cagedmantis cagedmantis added this to the Backlog milestone Mar 6, 2023
@cagedmantis
Copy link
Contributor

CC @golang/compiler, @ianlancetaylor

@bcmills
Copy link
Contributor

bcmills commented Mar 6, 2023

The leading bytes seem to indicate that this is being parsed as an object file for plan9/386 (https://go.dev/play/p/pyCSYf-OioF).

(CC @golang/plan9)

@bcmills
Copy link
Contributor

bcmills commented Mar 6, 2023

Just from inspecting the debug/buildinfo implementation, I suspect that the source of growth is here:
https://cs.opensource.google/go/go/+/master:src/debug/buildinfo/buildinfo.go;l=244;drc=b94dc384cabf75e7e8703265cd80f5324f84b642

Each of the ReadData implementations has a make call with a size given in a header, and it appears that few (none?) of the debug implementation validate the section sizes against the underlying file.

@gopherbot
Copy link
Contributor

Change https://go.dev/cl/473657 mentions this issue: debug/buildinfo: use saferio in ReadData methods

@catenacyber catenacyber mentioned this issue Apr 24, 2023
Closed
@golang golang locked and limited conversation to collaborators Mar 5, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Projects
None yet
Milestone
Backlog
Development

No branches or pull requests
4 participants
@cagedmantis @bcmills @gopherbot @catenacyber