From: Ian Lance Taylor Date: Tue, 27 Sep 2022 01:24:03 +0000 (-0700) Subject: debug/dwarf: don't crash on invalid range/rnglist offset X-Git-Tag: go1.20rc1~912 X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=c929a5b855e5d1680a70c5e1ab11a4933655d66c;p=gostls13.git debug/dwarf: don't crash on invalid range/rnglist offset No test case because the problem can only happen for invalid data. Let the fuzzer find cases like this. Fixes #53529 Change-Id: I318c87795e545fe5a006d16b4d361cd4bf5d502d Reviewed-on: https://go-review.googlesource.com/c/go/+/434936 Run-TryBot: Ian Lance Taylor Reviewed-by: Ian Lance Taylor Run-TryBot: Ian Lance Taylor TryBot-Result: Gopher Robot Auto-Submit: Ian Lance Taylor Reviewed-by: Than McIntosh
---
diff --git a/src/debug/dwarf/entry.go b/src/debug/dwarf/entry.go
index 6f80d07503..7f48ff3a04 100644
--- a/src/debug/dwarf/entry.go
+++ b/src/debug/dwarf/entry.go
@@ -13,6 +13,7 @@ package dwarf
 import (
 "encoding/binary"
 "errors"
+ "fmt"
 "strconv"
 )
 
@@ -1103,6 +1104,9 @@ func (d *Data) baseAddressForEntry(e *Entry) (*Entry, uint64, error) {
 }
 
 func (d *Data) dwarf2Ranges(u *unit, base uint64, ranges int64, ret [][2]uint64) ([][2]uint64, error) {
+ if ranges > int64(len(d.ranges)) {
+ return nil, fmt.Errorf("invalid range offset %d (max %d)", ranges, len(d.ranges))
+ }
 buf := makeBuf(d, u, "ranges", Offset(ranges), d.ranges[ranges:])
 for len(buf.data) > 0 {
 low := buf.addr()
@@ -1125,6 +1129,9 @@ func (d *Data) dwarf2Ranges(u *unit, base uint64, ranges int64, ret [][2]uint64)
 // dwarf5Ranges interprets a debug_rnglists sequence, see DWARFv5 section
 // 2.17.3 (page 53).
 func (d *Data) dwarf5Ranges(u *unit, cu *Entry, base uint64, ranges int64, ret [][2]uint64) ([][2]uint64, error) {
+ if ranges > int64(len(d.rngLists)) {
+ return nil, fmt.Errorf("invalid rnglist offset %d (max %d)", ranges, len(d.ranges))
+ }
 var addrBase int64
 if cu != nil {
 addrBase, _ = cu.Val(AttrAddrBase).(int64)
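Review bot: The new guard in dwarf2Ranges checks only the upper bound, so a negative `ranges` still reaches `d.ranges[ranges:]` on the following line and panics with a slice-bounds error. `ranges` is a signed int64; if it can be decoded from a 64-bit offset in the input file (the decoding is outside this hunk), malformed data could make it negative, which matters for tools that parse binaries they did not build. Suggest `if ranges < 0 || ranges > int64(len(d.ranges)) {`, and the same lower-bound test in the guard added to dwarf5Ranges. The body of dwarf2Ranges continues past the end of the hunk.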
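Review bot: The error message in the dwarf5Ranges guard prints `len(d.ranges)` as the maximum, while the condition compares against `len(d.rngLists)`, so the reported limit comes from a different section and can mislead whoever triages a malformed file. The return should read `return nil, fmt.Errorf("invalid rnglist offset %d (max %d)", ranges, len(d.rngLists))`. The function body continues past the hunk, so the place where `d.rngLists` is actually indexed is not visible here.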