qbit/go
1
0
Fork 0
mirror of https://github.com/golang/go synced 2024-09-29 13:34:30 -06:00
Code Releases Activity

debug/elf: check for negative shoff and phoff fields

Browse Source 
No test because we could add an infinite number of tests of bogus data.

For #47653
Fixes #52035

Change-Id: Iec7e2fe23f2dd1cf14bad2475422f243f51028f5
Reviewed-on: https://go-review.googlesource.com/c/go/+/396880
Trust: Ian Lance Taylor <iant@golang.org>
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Tobias Klauser <tobias.klauser@gmail.com>
Reviewed-by: Than McIntosh <thanm@google.com>
This commit is contained in:
Ian Lance Taylor 2022-03-30 18:47:11 -07:00
parent a9d13a9c23
commit 109a18dce7
1 changed files with 13 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
src/debug/elf/file.go
View File

@ -325,6 +325,13 @@ func NewFile(r io.ReaderAt) (*File, error) {
shstrndx = int(hdr.Shstrndx) shstrndx = int(hdr.Shstrndx)
} }
if shoff < 0 {
return nil, &FormatError{0, "invalid shoff", shoff}
}
if phoff < 0 {
return nil, &FormatError{0, "invalid phoff", phoff}
}
if shoff == 0 && shnum != 0 { if shoff == 0 && shnum != 0 {
return nil, &FormatError{0, "invalid ELF shnum for shoff=0", shnum} return nil, &FormatError{0, "invalid ELF shnum for shoff=0", shnum}
} }
@ -419,6 +426,12 @@ func NewFile(r io.ReaderAt) (*File, error) {
Entsize: sh.Entsize, Entsize: sh.Entsize,
} }
} }
if int64(s.Offset) < 0 {
return nil, &FormatError{off, "invalid section offset", int64(s.Offset)}
}
if int64(s.FileSize) < 0 {
return nil, &FormatError{off, "invalid section size", int64(s.FileSize)}
}
s.sr = io.NewSectionReader(r, int64(s.Offset), int64(s.FileSize)) s.sr = io.NewSectionReader(r, int64(s.Offset), int64(s.FileSize))
if s.Flags&SHF_COMPRESSED == 0 { if s.Flags&SHF_COMPRESSED == 0 {