debug/elf: validate phentsize and shentsize

No test case because the problem can only happen for invalid data. Let the fuzzer find cases like this. Fixes #56129 Change-Id: I6c81933781384c5e2c8ba0fd99cec50455b9664a Reviewed-on: https://go-review.googlesource.com/c/go/+/441976 Reviewed-by: Ian Lance Taylor <iant@google.com> Run-TryBot: Ian Lance Taylor <iant@google.com> Reviewed-by: Than McIntosh <thanm@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Joedian Reid <joedian@golang.org> Auto-Submit: Ian Lance Taylor <iant@google.com> Run-TryBot: Ian Lance Taylor <iant@golang.org>
2024-11-23 03:40:02 -07:00 · 2022-10-10 14:07:10 -07:00 · 2022-10-10 14:07:10 -07:00 · 0ae042f977
commit 0ae042f977
parent 79d0d330a9
1 changed files with 17 additions and 0 deletions
--- a/src/debug/elf/file.go
+++ b/src/debug/elf/file.go
@ -344,6 +344,19 @@ func NewFile(r io.ReaderAt) (*File, error) {
 		return nil, &FormatError{0, "invalid ELF shstrndx", shstrndx}
 	}

+	var wantPhentsize, wantShentsize int
+	switch f.Class {
+	case ELFCLASS32:
+		wantPhentsize = 8 * 4
+		wantShentsize = 10 * 4
+	case ELFCLASS64:
+		wantPhentsize = 2*4 + 6*8
+		wantShentsize = 4*4 + 6*8
+	}
+	if phnum > 0 && phentsize < wantPhentsize {
+		return nil, &FormatError{0, "invalid ELF phentsize", phentsize}
+	}
+
 	// Read program headers
 	f.Progs = make([]*Prog, phnum)
 	for i := 0; i < phnum; i++ {
@ -439,6 +452,10 @@ func NewFile(r io.ReaderAt) (*File, error) {
 		}
 	}

+	if shnum > 0 && shentsize < wantShentsize {
+		return nil, &FormatError{0, "invalid ELF shentsize", shentsize}
+	}
+
 	// Read section headers
 	f.Sections = make([]*Section, shnum)
 	names := make([]uint32, shnum)