From: Ian Lance Taylor <iant@golang.org>
Date: Thu, 14 Apr 2022 23:25:43 +0000 (-0700)
Subject: debug/pe: read string table in 10M chunks
X-Git-Tag: go1.19beta1~653
X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=0c6d8bb109adfa188190b2e6de59b88853ded378;p=gostls13.git

debug/pe: read string table in 10M chunks

No separate test because this makes no difference for valid PE files.

Fixes #52350

Change-Id: I2aa011a4e8b34cb08052222e94c52627ebe99fbf
Reviewed-on: https://go-review.googlesource.com/c/go/+/400378
Run-TryBot: Ian Lance Taylor <iant@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Than McIntosh <thanm@google.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Auto-Submit: Ian Lance Taylor <iant@google.com>
---

diff --git a/src/debug/pe/string.go b/src/debug/pe/string.go
index cab0366ade..6d9023d8d6 100644
--- a/src/debug/pe/string.go
+++ b/src/debug/pe/string.go
@@ -44,8 +44,29 @@ func readStringTable(fh *FileHeader, r io.ReadSeeker) (StringTable, error) {
 		return nil, nil
 	}
 	l -= 4
-	buf := make([]byte, l)
-	_, err = io.ReadFull(r, buf)
+
+	// If the string table is large, the file may be corrupt.
+	// Read in chunks to avoid crashing due to out of memory.
+	const chunk = 10 << 20 // 10M
+	var buf []byte
+	if l < chunk {
+		buf = make([]byte, l)
+		_, err = io.ReadFull(r, buf)
+	} else {
+		for l > 0 {
+			n := l
+			if n > chunk {
+				n = chunk
+			}
+			buf1 := make([]byte, n)
+			_, err = io.ReadFull(r, buf1)
+			if err != nil {
+				break
+			}
+			buf = append(buf, buf1...)
+			l -= n
+		}
+	}
 	if err != nil {
 		return nil, fmt.Errorf("fail to read string table: %v", err)
 	}