debug/dwarf: don't crash on negative range/rnglist offset

No test case because the problem can only happen for invalid data. Let
the fuzzer find cases like this.

Fixes #55948

Change-Id: I7ba40ba928d2a14d4ac5b39f966173f3868d4729
Reviewed-on: https://go-review.googlesource.com/c/go/+/436876
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Ian Lance Taylor <iant@google.com>
Run-TryBot: Ian Lance Taylor <iant@golang.org>
Reviewed-by: Tobias Klauser <tobias.klauser@gmail.com>
Reviewed-by: Than McIntosh <thanm@google.com>

1 files changed, 2 insertions, 2 deletions

diff --git a/src/debug/dwarf/entry.go b/src/debug/dwarf/entry.go
index 7f48ff3a04..2f804f88ee 100644
--- a/src/debug/dwarf/entry.go
+++ b/src/debug/dwarf/entry.go
@@ -1104,7 +1104,7 @@ func (d *Data) baseAddressForEntry(e *Entry) (*Entry, uint64, error) {
 }
 
 func (d *Data) dwarf2Ranges(u *unit, base uint64, ranges int64, ret [][2]uint64) ([][2]uint64, error) {
-	if ranges > int64(len(d.ranges)) {
+	if ranges < 0 || ranges > int64(len(d.ranges)) {
 		return nil, fmt.Errorf("invalid range offset %d (max %d)", ranges, len(d.ranges))
 	}
 	buf := makeBuf(d, u, "ranges", Offset(ranges), d.ranges[ranges:])
@@ -1129,7 +1129,7 @@ func (d *Data) dwarf2Ranges(u *unit, base uint64, ranges int64, ret [][2]uint64)
 // dwarf5Ranges interprets a debug_rnglists sequence, see DWARFv5 section
 // 2.17.3 (page 53).
 func (d *Data) dwarf5Ranges(u *unit, cu *Entry, base uint64, ranges int64, ret [][2]uint64) ([][2]uint64, error) {
-	if ranges > int64(len(d.rngLists)) {
+	if ranges < 0 || ranges > int64(len(d.rngLists)) {
 		return nil, fmt.Errorf("invalid rnglist offset %d (max %d)", ranges, len(d.ranges))
 	}
 	var addrBase int64