debug/elf: guard access to File.gnuVersym

The size of gnuVersym should be multiples of 2. If not, the input is invalid. No Library and Version information is added to sym in this case. The current implementation of gnuVersion does not report errors for invalid input. While at here, bring back the comment that states that the undef entry at the beginning is skipped. This is not an off-by-one error. No test case because the problem can only happen for invalid data. Let the fuzzer find cases like this. Fixes #56429. Change-Id: Ia39ad8bd509088a81cc77f7a76e23185d40a5765 GitHub-Last-Rev: 3be0cc1b15 GitHub-Pull-Request: golang/go#56431 Reviewed-on: https://go-review.googlesource.com/c/go/+/445555 TryBot-Result: Gopher Robot <gobot@golang.org> Auto-Submit: Ian Lance Taylor <iant@google.com> Run-TryBot: Ian Lance Taylor <iant@google.com> Run-TryBot: Meng Zhuo <mzh@golangcn.org> Reviewed-by: Than McIntosh <thanm@google.com> Reviewed-by: Ian Lance Taylor <iant@google.com>
2024-11-26 17:07:09 -07:00 · 2022-10-26 11:41:27 +00:00 · 2022-10-26 11:41:27 +00:00 · 264753c043
commit 264753c043
parent ed24b37fd2
1 changed files with 6 additions and 2 deletions
--- a/src/debug/elf/file.go
+++ b/src/debug/elf/file.go
@ -1570,12 +1570,16 @@ func (f *File) gnuVersionInit(str []byte) bool {
 // gnuVersion adds Library and Version information to sym,
 // which came from offset i of the symbol table.
 func (f *File) gnuVersion(i int) (library string, version string) {
-	// Each entry is two bytes.
+	// Each entry is two bytes; skip undef entry at beginning.
 	i = (i + 1) * 2
 	if i >= len(f.gnuVersym) {
 		return
 	}
-	j := int(f.ByteOrder.Uint16(f.gnuVersym[i:]))
+	s := f.gnuVersym[i:]
+	if len(s) < 2 {
+		return
+	}
+	j := int(f.ByteOrder.Uint16(s))
 	if j < 2 || j >= len(f.gnuNeed) {
 		return
 	}