debug/pe: be careful to avoid potential uint32 overflow

Change-Id: Ic3c1c972bec39e14ea1af50ab2b5d887dac29eab
Reviewed-on: https://go-review.googlesource.com/c/go/+/426114
Reviewed-by: Bryan Mills <bcmills@google.com>
Auto-Submit: Dan Kortschak <dan@kortschak.io>
Reviewed-by: David Chase <drchase@google.com>
Reviewed-by: Alex Brainman <alex.brainman@gmail.com>

diff --git a/src/debug/pe/file.go b/src/debug/pe/file.go
index 7adf3e122e7b742eb9a82faef591b229f87190bd..84bc300d923e6e303b81f5e2a6eb7e430c92d25b 100644 (file)
--- a/src/debug/pe/file.go
+++ b/src/debug/pe/file.go
@@ -353,7 +353,10 @@ func (f *File) ImportedSymbols() ([]string, error) {
        var ds *Section
        ds = nil
        for _, s := range f.Sections {
-               if s.VirtualAddress <= idd.VirtualAddress && idd.VirtualAddress < s.VirtualAddress+s.VirtualSize {
+               // We are using distance between s.VirtualAddress and idd.VirtualAddress
+               // to avoid potential overflow of uint32 caused by addition of s.VirtualSize
+               // to s.VirtualAddress.
+               if s.VirtualAddress <= idd.VirtualAddress && idd.VirtualAddress-s.VirtualAddress < s.VirtualSize {
                        ds = s
                        break
                }