debug/elf: makeslice: len out of range #10997

Closed
dvyukov opened this issue May 30, 2015 · 3 comments

@dvyukov
Member

dvyukov commented May 30, 2015

The following program crashes with the panic on the provided input:

```go
package main

import (
    "bytes"
    "debug/elf"
    "io/ioutil"
    "os"
)

func main() {
    data, _ := ioutil.ReadFile(os.Args[1])
    f, err := elf.NewFile(bytes.NewReader(data))
    if err != nil {
        if f != nil {
            panic("file is not nil on error")
        }
        return
    }
    defer f.Close()
    f.DynamicSymbols()
    f.ImportedLibraries()
    f.ImportedSymbols()
    f.Section(".data")
    f.SectionByType(elf.SHT_GNU_VERSYM)
    f.Symbols()
    dw, err := f.DWARF()
    if err != nil {
        if dw != nil {
            panic("dwarf is not nil on error")
        }
        return
    }
    dr := dw.Reader()
    for {
        e, _ := dr.Next()
        if e == nil {
            break
        }
    }
}
```

```
panic: runtime error: makeslice: len out of range

goroutine 1 [running]:
debug/elf.(*Section).Data(0xc208020ea0, 0x0, 0x0, 0x0, 0x0, 0x0)
    src/debug/elf/file.go:78 +0x6e
debug/elf.NewFile(0x7ff342f88260, 0xc208014480, 0x645940, 0x0, 0x0)
    src/debug/elf/file.go:380 +0x111b
main.main()
    elftest.go:12 +0x11d
```

The input is:
https://drive.google.com/file/d/0B20Uwp8Hs1oCZUhqS3RiWFRja1U/view?usp=sharing

on commit 596bb76

@dvyukov dvyukov added this to the Go1.5 milestone May 30, 2015
@dvyukov
Member Author

dvyukov commented May 30, 2015

/cc @ianlancetaylor @davecheney

Data could check the claimed section size as:

func (s *Section) Data() ([]byte, error) {
+   if s.sr.Size() == 0 {
+       return nil, nil
+   }
+   var tmp [1]byte
+   if err := s.sr.ReadAt(tmp[:], s.sr.Size()-1); err != nil {
+       return nil, err
+   }
    dat := make([]byte, s.sr.Size())
    n, err := s.sr.ReadAt(dat, 0)
    if n == len(dat) {
        err = nil
    }
    return dat[0:n], err
}
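
Review bot: The probe read `if err := s.sr.ReadAt(tmp[:], s.sr.Size()-1); err != nil {` does not compile as written, because ReadAt returns two values (as the unchanged `n, err := s.sr.ReadAt(dat, 0)` below it shows) while the `if` binds only one; it should read `if _, err := s.sr.ReadAt(tmp[:], s.sr.Size()-1); err != nil {`. The probe should also follow the rule the existing code applies with `if n == len(dat) { err = nil }` and ignore an error returned together with a full one-byte read, otherwise a reader that reports io.EOF alongside the last byte makes Data fail on a valid section. A negative `s.sr.Size()` is not rejected explicitly and is left to ReadAt to refuse at offset `Size()-1`; an explicit `< 0` check ahead of the probe would make that intent visible.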

@rsc
Contributor

rsc commented Jun 1, 2015

It's too late in the Go 1.5 release process for fuzzer bugs. The chance of hitting any of these is so low that the benefit of the fix is outweighed by the chance of the fix introducing a more serious bug.

@rsc rsc modified the milestones: Unplanned, Go1.5 Jun 1, 2015
@ALTree
Member

ALTree commented Feb 5, 2017

Fixed on the latest version (tried both go1.7 and go1.8).

@ALTree ALTree closed this as completed Feb 5, 2017
@golang golang locked and limited conversation to collaborators Feb 5, 2018
@rsc rsc removed their assignment Jun 23, 2022
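
The panic reported in this thread comes from passing a size taken from the input file straight to `make`. As an added example (not code from the issue or from debug/elf), here is a different guard from the probe read proposed above: read in bounded chunks so that memory grows only as fast as the input proves it holds data. The helper `readClaimed`, the `chunk` constant and the sample input are hypothetical names and constructed values.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"io"
)

// chunk caps how much is allocated before the input has proven it holds the data.
const chunk = 1 << 20

var errBadSize = errors.New("claimed size out of range")

// readClaimed returns size bytes starting at off, where off and size come from
// an untrusted header field (hypothetical helper, not part of debug/elf).
func readClaimed(r io.ReaderAt, off, size int64) ([]byte, error) {
	// Reject negative values and off+size overflow before doing any work.
	if off < 0 || size < 0 || off+size < off {
		return nil, errBadSize
	}
	var buf []byte
	for int64(len(buf)) < size {
		n := size - int64(len(buf))
		if n > chunk {
			n = chunk
		}
		start := len(buf)
		buf = append(buf, make([]byte, n)...)
		got, err := r.ReadAt(buf[start:], off+int64(start))
		if got < int(n) {
			// Short read: the header claimed more data than the input has.
			if err == nil || err == io.EOF {
				err = io.ErrUnexpectedEOF
			}
			return nil, err
		}
	}
	return buf, nil
}

func main() {
	// Constructed sample input; the second and third sizes mimic a corrupt header.
	input := bytes.NewReader([]byte("constructed 32-byte sample input"))
	for _, size := range []int64{11, 1 << 62, -1} {
		b, err := readClaimed(input, 0, size)
		fmt.Printf("size=%d len=%d err=%v\n", size, len(b), err)
	}
}
```

A claimed size of `1 << 62` against a 32-byte input costs one 1 MiB allocation and returns `io.ErrUnexpectedEOF` instead of panicking.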