From: Ian Lance Taylor <iant@golang.org>
Date: Tue, 12 Jul 2022 01:50:03 +0000 (-0700)
Subject: go/internal/gcimporter: use saferio to read indexed data
X-Git-Tag: go1.20rc1~1494
X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=375a80c9ef521404f1d972ad82719f90bc3a019f;p=gostls13.git

go/internal/gcimporter: use saferio to read indexed data

Avoid allocating large amounts of memory for corrupt input.

No test case because the problem can only happen for invalid data.
Let the fuzzer find cases like this.

Fixes #53787

Change-Id: I1b75a4c000b8d1112110309ec44b0ba9b4638d71
Reviewed-on: https://go-review.googlesource.com/c/go/+/416861
Auto-Submit: Ian Lance Taylor <iant@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Ian Lance Taylor <iant@google.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Reviewed-by: Dan Kortschak <dan@kortschak.io>
Reviewed-by: Matthew Dempsky <mdempsky@google.com>
---

diff --git a/src/go/internal/gcimporter/iimport.go b/src/go/internal/gcimporter/iimport.go
index f9eaa0b10c..cc0818dd9a 100644
--- a/src/go/internal/gcimporter/iimport.go
+++ b/src/go/internal/gcimporter/iimport.go
@@ -15,7 +15,9 @@ import (
 	"go/constant"
 	"go/token"
 	"go/types"
+	"internal/saferio"
 	"io"
+	"math"
 	"math/big"
 	"sort"
 	"strings"
@@ -103,12 +105,16 @@ func iImportData(fset *token.FileSet, imports map[string]*types.Package, dataRea
 		errorf("unknown iexport format version %d", version)
 	}
 
-	sLen := int64(r.uint64())
-	dLen := int64(r.uint64())
+	sLen := r.uint64()
+	dLen := r.uint64()
 
-	data := make([]byte, sLen+dLen)
-	if _, err := io.ReadFull(r, data); err != nil {
-		errorf("cannot read %d bytes of stringData and declData: %s", len(data), err)
+	if sLen > math.MaxUint64-dLen {
+		errorf("lengths out of range (%d, %d)", sLen, dLen)
+	}
+
+	data, err := saferio.ReadData(r, sLen+dLen)
+	if err != nil {
+		errorf("cannot read %d bytes of stringData and declData: %s", sLen+dLen, err)
 	}
 	stringData := data[:sLen]
 	declData := data[sLen:]