debug/dwarf: don't crash on negative range/rnglist offset

No test case because the problem can only happen for invalid data. Let
the fuzzer find cases like this.

Fixes #55948

Change-Id: I7ba40ba928d2a14d4ac5b39f966173f3868d4729
Reviewed-on: https://go-review.googlesource.com/c/go/+/436876
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Ian Lance Taylor <iant@google.com>
Run-TryBot: Ian Lance Taylor <iant@golang.org>
Reviewed-by: Tobias Klauser <tobias.klauser@gmail.com>
Reviewed-by: Than McIntosh <thanm@google.com>

diff --git a/src/debug/dwarf/entry.go b/src/debug/dwarf/entry.go
index 7f48ff3a04176391955ee85aba79c75b490fc223..2f804f88ee029810236ee914840899dcb5e9a92a 100644 (file)
--- a/src/debug/dwarf/entry.go
+++ b/src/debug/dwarf/entry.go
@@ -1104,7 +1104,7 @@ func (d *Data) baseAddressForEntry(e *Entry) (*Entry, uint64, error) {
 }
 
 func (d *Data) dwarf2Ranges(u *unit, base uint64, ranges int64, ret [][2]uint64) ([][2]uint64, error) {
-       if ranges > int64(len(d.ranges)) {
+       if ranges < 0 || ranges > int64(len(d.ranges)) {
                return nil, fmt.Errorf("invalid range offset %d (max %d)", ranges, len(d.ranges))
        }
        buf := makeBuf(d, u, "ranges", Offset(ranges), d.ranges[ranges:])
@@ -1129,7 +1129,7 @@ func (d *Data) dwarf2Ranges(u *unit, base uint64, ranges int64, ret [][2]uint64)
 // dwarf5Ranges interprets a debug_rnglists sequence, see DWARFv5 section
 // 2.17.3 (page 53).
 func (d *Data) dwarf5Ranges(u *unit, cu *Entry, base uint64, ranges int64, ret [][2]uint64) ([][2]uint64, error) {
-       if ranges > int64(len(d.rngLists)) {
+       if ranges < 0 || ranges > int64(len(d.rngLists)) {
                return nil, fmt.Errorf("invalid rnglist offset %d (max %d)", ranges, len(d.ranges))
        }
        var addrBase int64