From 7adfa82726280371bb4dfc710dc4168dfd9de703 Mon Sep 17 00:00:00 2001
From: Ian Lance Taylor <iant@golang.org>
Date: Thu, 23 Jun 2022 15:57:10 -0700
Subject: debug/macho, internal/saferio: limit slice allocation

Don't allocate slices that are too large; choose a smaller capacity
and build the slice using append. Use this in debug/macho to avoid
over-allocating if a fat header is incorrect.

No debug/macho test case because the problem can only happen for
invalid data. Let the fuzzer find cases like this.

For #47653
Fixes #52523

Change-Id: I372c9cdbdda8626a3225e79d713650beb350ebc7
Reviewed-on: https://go-review.googlesource.com/c/go/+/413874
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Run-TryBot: Ian Lance Taylor <iant@golang.org>
Run-TryBot: Ian Lance Taylor <iant@google.com>
Auto-Submit: Ian Lance Taylor <iant@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Reviewed-by: Tobias Klauser <tobias.klauser@gmail.com>
---
 src/debug/macho/fat.go | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

(limited to 'src/debug/macho')

diff --git a/src/debug/macho/fat.go b/src/debug/macho/fat.go
index 6bd730dc0b..775beaf12c 100644
--- a/src/debug/macho/fat.go
+++ b/src/debug/macho/fat.go
@@ -7,6 +7,7 @@ package macho
 import (
 	"encoding/binary"
 	"fmt"
+	"internal/saferio"
 	"io"
 	"os"
 )
@@ -85,9 +86,13 @@ func NewFatFile(r io.ReaderAt) (*FatFile, error) {
 
 	// Following the fat_header comes narch fat_arch structs that index
 	// Mach-O images further in the file.
-	ff.Arches = make([]FatArch, narch)
+	c := saferio.SliceCap(FatArch{}, uint64(narch))
+	if c < 0 {
+		return nil, &FormatError{offset, "too many images", nil}
+	}
+	ff.Arches = make([]FatArch, 0, c)
 	for i := uint32(0); i < narch; i++ {
-		fa := &ff.Arches[i]
+		var fa FatArch
 		err = binary.Read(sr, binary.BigEndian, &fa.FatArchHeader)
 		if err != nil {
 			return nil, &FormatError{offset, "invalid fat_arch header", nil}
@@ -115,6 +120,8 @@ func NewFatFile(r io.ReaderAt) (*FatFile, error) {
 				return nil, &FormatError{offset, fmt.Sprintf("Mach-O type for architecture #%d (type=%#x) does not match first (type=%#x)", i, fa.Type, machoType), nil}
 			}
 		}
+
+		ff.Arches = append(ff.Arches, fa)
 	}
 
 	return &ff, nil
-- 
cgit v1.3