From 6064169e0507e71305e7b600e607e357fc842dd9 Mon Sep 17 00:00:00 2001 From: Ian Lance Taylor Date: Thu, 9 Apr 2026 14:43:28 -0700 Subject: debug/elf: use saferio.SliceCap for segment slice This avoids using a lot of memory for an invalid segment count. No test case because the problem can only happen for invalid ata. Let the fuzzer find cases like this. For #47653 Fixes #78611 Change-Id: I649f5446496bfa46668e7a3e5c84c82131e1d136 Reviewed-on: https://go-review.googlesource.com/c/go/+/765061 Reviewed-by: David Chase Auto-Submit: Ian Lance Taylor LUCI-TryBot-Result: Go LUCI Reviewed-by: Junyang Shao --- src/debug/elf/file.go | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) (limited to 'src/debug') diff --git a/src/debug/elf/file.go b/src/debug/elf/file.go index faba6fa4e9..e243b8a5f5 100644 --- a/src/debug/elf/file.go +++ b/src/debug/elf/file.go @@ -467,7 +467,14 @@ func NewFile(r io.ReaderAt) (*File, error) { } // Read program headers - f.Progs = make([]*Prog, phnum) + c := saferio.SliceCap[*Prog](uint64(phnum)) + if c < 0 { + return nil, &FormatError{0, "too many segments", phnum} + } + if phnum > 0 && ((1<<64)-1)/uint64(phnum) < uint64(phentsize) { + return nil, &FormatError{0, "segment header overflow", phnum} + } + f.Progs = make([]*Prog, 0, c) phdata, err := saferio.ReadDataAt(sr, uint64(phnum)*uint64(phentsize), phoff) if err != nil { return nil, err @@ -509,7 +516,7 @@ func NewFile(r io.ReaderAt) (*File, error) { } p.sr = io.NewSectionReader(r, int64(p.Off), int64(p.Filesz)) p.ReaderAt = p.sr - f.Progs[i] = p + f.Progs = append(f.Progs, p) } if shnum > 0 && shentsize < wantShentsize { @@ -517,7 +524,7 @@ func NewFile(r io.ReaderAt) (*File, error) { } // Read section headers - c := saferio.SliceCap[Section](uint64(shnum)) + c = saferio.SliceCap[Section](uint64(shnum)) if c < 0 { return nil, &FormatError{0, "too many sections", shnum} } -- cgit v1.3-5-g9baa