diff options
| author | Dan Kortschak <dan@kortschak.io> | 2022-08-27 12:55:43 +0930 |
|---|---|---|
| committer | Gopher Robot <gobot@golang.org> | 2022-08-29 20:04:56 +0000 |
| commit | dbd0ce84d7c1da2e788c516c72fef44d5b760337 (patch) | |
| tree | 6b97bb64c86f8cf8bd108be48f3cb667999a4950 /src/debug/elf | |
| parent | 59bdbb3effe3e61f85e336a52323024bafaf44bd (diff) | |
| download | go-dbd0ce84d7c1da2e788c516c72fef44d5b760337.tar.xz | |
debug/elf: validate offset and file size ranges
Change-Id: Iebe31b91c6e81438120f50a8089a8efca3d5339d
Reviewed-on: https://go-review.googlesource.com/c/go/+/426115
Run-TryBot: Dan Kortschak <dan@kortschak.io>
Run-TryBot: Ian Lance Taylor <iant@google.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Reviewed-by: Heschi Kreinick <heschi@google.com>
Auto-Submit: Ian Lance Taylor <iant@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Diffstat (limited to 'src/debug/elf')
| -rw-r--r-- | src/debug/elf/file.go | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/debug/elf/file.go b/src/debug/elf/file.go index 95c28c1433..f37d4b8e9a 100644 --- a/src/debug/elf/file.go +++ b/src/debug/elf/file.go @@ -377,6 +377,12 @@ func NewFile(r io.ReaderAt) (*File, error) { Align: ph.Align, } } + if int64(p.Off) < 0 { + return nil, &FormatError{off, "invalid program header offset", p.Off} + } + if int64(p.Filesz) < 0 { + return nil, &FormatError{off, "invalid program header file size", p.Filesz} + } p.sr = io.NewSectionReader(r, int64(p.Off), int64(p.Filesz)) p.ReaderAt = p.sr f.Progs[i] = p |