debug/macho: use saferio to allocate load command slice

Avoid allocating large amounts of memory for corrupt input. No test case because the problem can only happen for invalid data. Let the fuzzer find cases like this. Fixes #54780 Change-Id: Icdacb16bef7d29ef431da52e6d1da4e883a3e050 Reviewed-on: https://go-review.googlesource.com/c/go/+/427434 Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com> Reviewed-by: Ian Lance Taylor <iant@google.com> Reviewed-by: Heschi Kreinick <heschi@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Auto-Submit: Tobias Klauser <tobias.klauser@gmail.com>
2024-11-18 12:54:44 -07:00 · 2022-09-01 10:48:58 +02:00 · 2022-09-01 10:48:58 +02:00 · 553f02c6ae
commit 553f02c6ae
parent 6605686e3b
1 changed files with 2 additions and 2 deletions
--- a/src/debug/macho/file.go
+++ b/src/debug/macho/file.go
@ -249,8 +249,8 @@ func NewFile(r io.ReaderAt) (*File, error) {
 	if f.Magic == Magic64 {
 		offset = fileHeaderSize64
 	}
-	dat := make([]byte, f.Cmdsz)
-	if _, err := r.ReadAt(dat, offset); err != nil {
+	dat, err := saferio.ReadDataAt(r, uint64(f.Cmdsz), offset)
+	if err != nil {
 		return nil, err
 	}
 	c := saferio.SliceCap([]Load{}, uint64(f.Ncmd))