debug/elf: validate offset and file size ranges

kortschak · gopherbot · commit dbd0ce84d7c1 · 2022-08-29T20:04:56.000Z
Change-Id: Iebe31b91c6e81438120f50a8089a8efca3d5339d Reviewed-on: https://go-review.googlesource.com/c/go/+/426115 Run-TryBot: Dan Kortschak <dan@kortschak.io> Run-TryBot: Ian Lance Taylor <iant@google.com> Reviewed-by: Ian Lance Taylor <iant@google.com> Reviewed-by: Heschi Kreinick <heschi@google.com> Auto-Submit: Ian Lance Taylor <iant@google.com> TryBot-Result: Gopher Robot <gobot@golang.org>
diff --git a/src/debug/elf/file.go b/src/debug/elf/file.go
@@ -377,6 +377,12 @@ func NewFile(r io.ReaderAt) (*File, error) {
 				Align:  ph.Align,
 			}
 		}
+		if int64(p.Off) < 0 {
+			return nil, &FormatError{off, "invalid program header offset", p.Off}
+		}
+		if int64(p.Filesz) < 0 {
+			return nil, &FormatError{off, "invalid program header file size", p.Filesz}
+		}
 		p.sr = io.NewSectionReader(r, int64(p.Off), int64(p.Filesz))
 		p.ReaderAt = p.sr
 		f.Progs[i] = p

Original file line number	Diff line number	Diff line change
`@@ -377,6 +377,12 @@ func NewFile(r io.ReaderAt) (*File, error) {`
`377`	`377`	`Align: ph.Align,`
`378`	`378`	`}`
`379`	`379`	`}`
	`380`	`+ if int64(p.Off) < 0 {`
	`381`	`+ return nil, &FormatError{off, "invalid program header offset", p.Off}`
	`382`	`+ }`
	`383`	`+ if int64(p.Filesz) < 0 {`
	`384`	`+ return nil, &FormatError{off, "invalid program header file size", p.Filesz}`
	`385`	`+ }`
`380`	`386`	`p.sr = io.NewSectionReader(r, int64(p.Off), int64(p.Filesz))`
`381`	`387`	`p.ReaderAt = p.sr`
`382`	`388`	`f.Progs[i] = p`