From 297e3de7a1416d2ccdadcf3bdc6c9d3776e2abd8 Mon Sep 17 00:00:00 2001
From: Dan Kortschak <dan@kortschak.io>
Date: Wed, 24 Aug 2022 22:00:11 +0930
Subject: [PATCH] debug/macho: use saferio to read segment and section data

Avoid allocating large amounts of memory for corrupt input.

No test case because the problem can only happen for invalid data.
Let the fuzzer find cases like this.

Change-Id: Ib09d5fea54aabcb6941e541b42689222fba69632
Reviewed-on: https://go-review.googlesource.com/c/go/+/425303
Reviewed-by: David Chase <drchase@google.com>
Run-TryBot: Dan Kortschak <dan@kortschak.io>
Auto-Submit: Ian Lance Taylor <iant@google.com>
Reviewed-by: hopehook <hopehook@qq.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Run-TryBot: Ian Lance Taylor <iant@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
---
 src/debug/macho/file.go | 15 +++------------
 1 file changed, 3 insertions(+), 12 deletions(-)

diff --git a/src/debug/macho/file.go b/src/debug/macho/file.go
index b57dba8496b..e6b170a7cdb 100644
--- a/src/debug/macho/file.go
+++ b/src/debug/macho/file.go
@@ -13,6 +13,7 @@ import (
 	"debug/dwarf"
 	"encoding/binary"
 	"fmt"
+	"internal/saferio"
 	"io"
 	"os"
 	"strings"
@@ -73,12 +74,7 @@ type Segment struct {
 
 // Data reads and returns the contents of the segment.
 func (s *Segment) Data() ([]byte, error) {
-	dat := make([]byte, s.sr.Size())
-	n, err := s.sr.ReadAt(dat, 0)
-	if n == len(dat) {
-		err = nil
-	}
-	return dat[0:n], err
+	return saferio.ReadDataAt(s.sr, s.Filesz, 0)
 }
 
 // Open returns a new ReadSeeker reading the segment.
@@ -126,12 +122,7 @@ type Section struct {
 
 // Data reads and returns the contents of the Mach-O section.
 func (s *Section) Data() ([]byte, error) {
-	dat := make([]byte, s.sr.Size())
-	n, err := s.sr.ReadAt(dat, 0)
-	if n == len(dat) {
-		err = nil
-	}
-	return dat[0:n], err
+	return saferio.ReadDataAt(s.sr, s.Size, 0)
 }
 
 // Open returns a new ReadSeeker reading the Mach-O section.