go/internal/gcimporter: use saferio to read indexed data

Avoid allocating large amounts of memory for corrupt input.

No test case because the problem can only happen for invalid data.
Let the fuzzer find cases like this.

Fixes #53787

Change-Id: I1b75a4c000b8d1112110309ec44b0ba9b4638d71
Reviewed-on: https://go-review.googlesource.com/c/go/+/416861
Auto-Submit: Ian Lance Taylor <iant@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Ian Lance Taylor <iant@google.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Reviewed-by: Dan Kortschak <dan@kortschak.io>
Reviewed-by: Matthew Dempsky <mdempsky@google.com>

diff --git a/src/go/internal/gcimporter/iimport.go b/src/go/internal/gcimporter/iimport.go
index f9eaa0b10cc5bf98185d8d11601b2d543c493feb..cc0818dd9a9e408bb4da889ddeb46a1a14e22641 100644 (file)
--- a/src/go/internal/gcimporter/iimport.go
+++ b/src/go/internal/gcimporter/iimport.go
@@ -15,7 +15,9 @@ import (
        "go/constant"
        "go/token"
        "go/types"
+       "internal/saferio"
        "io"
+       "math"
        "math/big"
        "sort"
        "strings"
@@ -103,12 +105,16 @@ func iImportData(fset *token.FileSet, imports map[string]*types.Package, dataRea
                errorf("unknown iexport format version %d", version)
        }
 
-       sLen := int64(r.uint64())
-       dLen := int64(r.uint64())
+       sLen := r.uint64()
+       dLen := r.uint64()
 
-       data := make([]byte, sLen+dLen)
-       if _, err := io.ReadFull(r, data); err != nil {
-               errorf("cannot read %d bytes of stringData and declData: %s", len(data), err)
+       if sLen > math.MaxUint64-dLen {
+               errorf("lengths out of range (%d, %d)", sLen, dLen)
+       }
+
+       data, err := saferio.ReadData(r, sLen+dLen)
+       if err != nil {
+               errorf("cannot read %d bytes of stringData and declData: %s", sLen+dLen, err)
        }
        stringData := data[:sLen]
        declData := data[sLen:]