debug/elf: check for negative shoff and phoff fields

No test because we could add an infinite number of tests of bogus data.

For #47653
Fixes #52035

Change-Id: Iec7e2fe23f2dd1cf14bad2475422f243f51028f5
Reviewed-on: https://go-review.googlesource.com/c/go/+/396880
Trust: Ian Lance Taylor <iant@golang.org>
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Tobias Klauser <tobias.klauser@gmail.com>
Reviewed-by: Than McIntosh <thanm@google.com>

diff --git a/src/debug/elf/file.go b/src/debug/elf/file.go
index e93200a11d733ea94a780764c7ca0fb6348169d5..5f339596a7b80285dcee1227eee77413597079ba 100644 (file)
--- a/src/debug/elf/file.go
+++ b/src/debug/elf/file.go
@@ -325,6 +325,13 @@ func NewFile(r io.ReaderAt) (*File, error) {
                shstrndx = int(hdr.Shstrndx)
        }
 
+       if shoff < 0 {
+               return nil, &FormatError{0, "invalid shoff", shoff}
+       }
+       if phoff < 0 {
+               return nil, &FormatError{0, "invalid phoff", phoff}
+       }
+
        if shoff == 0 && shnum != 0 {
                return nil, &FormatError{0, "invalid ELF shnum for shoff=0", shnum}
        }
@@ -419,6 +426,12 @@ func NewFile(r io.ReaderAt) (*File, error) {
                                Entsize:   sh.Entsize,
                        }
                }
+               if int64(s.Offset) < 0 {
+                       return nil, &FormatError{off, "invalid section offset", int64(s.Offset)}
+               }
+               if int64(s.FileSize) < 0 {
+                       return nil, &FormatError{off, "invalid section size", int64(s.FileSize)}
+               }
                s.sr = io.NewSectionReader(r, int64(s.Offset), int64(s.FileSize))
 
                if s.Flags&SHF_COMPRESSED == 0 {