From: Tobias Klauser <tklauser@distanz.ch>
Date: Thu, 1 Sep 2022 08:48:58 +0000 (+0200)
Subject: debug/macho: use saferio to allocate load command slice
X-Git-Tag: go1.20rc1~1255
X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=553f02c6ae9d9dc124559b6711a47cb3e99c6348;p=gostls13.git

debug/macho: use saferio to allocate load command slice

Avoid allocating large amounts of memory for corrupt input.

No test case because the problem can only happen for invalid data.
Let the fuzzer find cases like this.

Fixes #54780

Change-Id: Icdacb16bef7d29ef431da52e6d1da4e883a3e050
Reviewed-on: https://go-review.googlesource.com/c/go/+/427434
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Reviewed-by: Heschi Kreinick <heschi@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Auto-Submit: Tobias Klauser <tobias.klauser@gmail.com>
---

diff --git a/src/debug/macho/file.go b/src/debug/macho/file.go
index e35b4df508..3c95803371 100644
--- a/src/debug/macho/file.go
+++ b/src/debug/macho/file.go
@@ -249,8 +249,8 @@ func NewFile(r io.ReaderAt) (*File, error) {
 	if f.Magic == Magic64 {
 		offset = fileHeaderSize64
 	}
-	dat := make([]byte, f.Cmdsz)
-	if _, err := r.ReadAt(dat, offset); err != nil {
+	dat, err := saferio.ReadDataAt(r, uint64(f.Cmdsz), offset)
+	if err != nil {
 		return nil, err
 	}
 	c := saferio.SliceCap([]Load{}, uint64(f.Ncmd))