internal/xcoff: use saferio to allocate slices

No test case because the problem can only happen for invalid data. Let
the fuzzer find cases like this.

For #47653
Fixes #58754

Change-Id: Ic3ef58b204b946f8bff80310d4c8dfcbb2939a1c
Reviewed-on: https://go-review.googlesource.com/c/go/+/471678
Auto-Submit: Ian Lance Taylor <iant@golang.org>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Run-TryBot: Ian Lance Taylor <iant@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Ian Lance Taylor <iant@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Ian Lance Taylor <iant@google.com>

diff --git a/src/internal/xcoff/file.go b/src/internal/xcoff/file.go
index 536bd74c3042a6eee95e7bc3acd692aa2fe0a274..9135822f22704431cebdd9866d353f86ddf7704d 100644 (file)
--- a/src/internal/xcoff/file.go
+++ b/src/internal/xcoff/file.go
@@ -225,7 +225,11 @@ func NewFile(r io.ReaderAt) (*File, error) {
        if _, err := sr.Seek(int64(hdrsz)+int64(opthdr), io.SeekStart); err != nil {
                return nil, err
        }
-       f.Sections = make([]*Section, nscns)
+       c := saferio.SliceCap((**Section)(nil), uint64(nscns))
+       if c < 0 {
+               return nil, fmt.Errorf("too many XCOFF sections (%d)", nscns)
+       }
+       f.Sections = make([]*Section, 0, c)
        for i := 0; i < int(nscns); i++ {
                var scnptr uint64
                s := new(Section)
@@ -261,7 +265,7 @@ func NewFile(r io.ReaderAt) (*File, error) {
                }
                s.sr = io.NewSectionReader(r2, int64(scnptr), int64(s.Size))
                s.ReaderAt = s.sr
-               f.Sections[i] = s
+               f.Sections = append(f.Sections, s)
        }
 
        // Symbol map needed by relocation
@@ -388,34 +392,39 @@ func NewFile(r io.ReaderAt) (*File, error) {
 
        // Read relocations
        // Only for .data or .text section
-       for _, sect := range f.Sections {
+       for sectNum, sect := range f.Sections {
                if sect.Type != STYP_TEXT && sect.Type != STYP_DATA {
                        continue
                }
-               sect.Relocs = make([]Reloc, sect.Nreloc)
                if sect.Relptr == 0 {
                        continue
                }
+               c := saferio.SliceCap((*Reloc)(nil), uint64(sect.Nreloc))
+               if c < 0 {
+                       return nil, fmt.Errorf("too many relocs (%d) for section %d", sect.Nreloc, sectNum)
+               }
+               sect.Relocs = make([]Reloc, 0, c)
                if _, err := sr.Seek(int64(sect.Relptr), io.SeekStart); err != nil {
                        return nil, err
                }
                for i := uint32(0); i < sect.Nreloc; i++ {
+                       var reloc Reloc
                        switch f.TargetMachine {
                        case U802TOCMAGIC:
                                rel := new(Reloc32)
                                if err := binary.Read(sr, binary.BigEndian, rel); err != nil {
                                        return nil, err
                                }
-                               sect.Relocs[i].VirtualAddress = uint64(rel.Rvaddr)
-                               sect.Relocs[i].Symbol = idxToSym[int(rel.Rsymndx)]
-                               sect.Relocs[i].Type = rel.Rtype
-                               sect.Relocs[i].Length = rel.Rsize&0x3F + 1
+                               reloc.VirtualAddress = uint64(rel.Rvaddr)
+                               reloc.Symbol = idxToSym[int(rel.Rsymndx)]
+                               reloc.Type = rel.Rtype
+                               reloc.Length = rel.Rsize&0x3F + 1
 
                                if rel.Rsize&0x80 != 0 {
-                                       sect.Relocs[i].Signed = true
+                                       reloc.Signed = true
                                }
                                if rel.Rsize&0x40 != 0 {
-                                       sect.Relocs[i].InstructionFixed = true
+                                       reloc.InstructionFixed = true
                                }
 
                        case U64_TOCMAGIC:
@@ -423,17 +432,19 @@ func NewFile(r io.ReaderAt) (*File, error) {
                                if err := binary.Read(sr, binary.BigEndian, rel); err != nil {
                                        return nil, err
                                }
-                               sect.Relocs[i].VirtualAddress = rel.Rvaddr
-                               sect.Relocs[i].Symbol = idxToSym[int(rel.Rsymndx)]
-                               sect.Relocs[i].Type = rel.Rtype
-                               sect.Relocs[i].Length = rel.Rsize&0x3F + 1
+                               reloc.VirtualAddress = rel.Rvaddr
+                               reloc.Symbol = idxToSym[int(rel.Rsymndx)]
+                               reloc.Type = rel.Rtype
+                               reloc.Length = rel.Rsize&0x3F + 1
                                if rel.Rsize&0x80 != 0 {
-                                       sect.Relocs[i].Signed = true
+                                       reloc.Signed = true
                                }
                                if rel.Rsize&0x40 != 0 {
-                                       sect.Relocs[i].InstructionFixed = true
+                                       reloc.InstructionFixed = true
                                }
                        }
+
+                       sect.Relocs = append(sect.Relocs, reloc)
                }
        }