From: Dan Kortschak <dan@kortschak.io>
Date: Sat, 27 Aug 2022 03:19:25 +0000 (+0930)
Subject: debug/pe: be careful to avoid potential uint32 overflow
X-Git-Tag: go1.20rc1~1007
X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=63d05642d48ec81637481518df962f2b3be435a3;p=gostls13.git

debug/pe: be careful to avoid potential uint32 overflow

Change-Id: Ic3c1c972bec39e14ea1af50ab2b5d887dac29eab
Reviewed-on: https://go-review.googlesource.com/c/go/+/426114
Reviewed-by: Bryan Mills <bcmills@google.com>
Auto-Submit: Dan Kortschak <dan@kortschak.io>
Reviewed-by: David Chase <drchase@google.com>
Reviewed-by: Alex Brainman <alex.brainman@gmail.com>
---

diff --git a/src/debug/pe/file.go b/src/debug/pe/file.go
index 7adf3e122e..84bc300d92 100644
--- a/src/debug/pe/file.go
+++ b/src/debug/pe/file.go
@@ -353,7 +353,10 @@ func (f *File) ImportedSymbols() ([]string, error) {
 	var ds *Section
 	ds = nil
 	for _, s := range f.Sections {
-		if s.VirtualAddress <= idd.VirtualAddress && idd.VirtualAddress < s.VirtualAddress+s.VirtualSize {
+		// We are using distance between s.VirtualAddress and idd.VirtualAddress
+		// to avoid potential overflow of uint32 caused by addition of s.VirtualSize
+		// to s.VirtualAddress.
+		if s.VirtualAddress <= idd.VirtualAddress && idd.VirtualAddress-s.VirtualAddress < s.VirtualSize {
 			ds = s
 			break
 		}