From 109a18dce7ef8ecb2aa60cef25362ebd05661ea0 Mon Sep 17 00:00:00 2001
From: Ian Lance Taylor <iant@golang.org>
Date: Wed, 30 Mar 2022 18:47:11 -0700
Subject: [PATCH] debug/elf: check for negative shoff and phoff fields

No test because we could add an infinite number of tests of bogus data.

For #47653
Fixes #52035

Change-Id: Iec7e2fe23f2dd1cf14bad2475422f243f51028f5
Reviewed-on: https://go-review.googlesource.com/c/go/+/396880
Trust: Ian Lance Taylor <iant@golang.org>
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Tobias Klauser <tobias.klauser@gmail.com>
Reviewed-by: Than McIntosh <thanm@google.com>
---
 src/debug/elf/file.go | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/src/debug/elf/file.go b/src/debug/elf/file.go
index e93200a11d..5f339596a7 100644
--- a/src/debug/elf/file.go
+++ b/src/debug/elf/file.go
@@ -325,6 +325,13 @@ func NewFile(r io.ReaderAt) (*File, error) {
 		shstrndx = int(hdr.Shstrndx)
 	}
 
+	if shoff < 0 {
+		return nil, &FormatError{0, "invalid shoff", shoff}
+	}
+	if phoff < 0 {
+		return nil, &FormatError{0, "invalid phoff", phoff}
+	}
+
 	if shoff == 0 && shnum != 0 {
 		return nil, &FormatError{0, "invalid ELF shnum for shoff=0", shnum}
 	}
@@ -419,6 +426,12 @@ func NewFile(r io.ReaderAt) (*File, error) {
 				Entsize:   sh.Entsize,
 			}
 		}
+		if int64(s.Offset) < 0 {
+			return nil, &FormatError{off, "invalid section offset", int64(s.Offset)}
+		}
+		if int64(s.FileSize) < 0 {
+			return nil, &FormatError{off, "invalid section size", int64(s.FileSize)}
+		}
 		s.sr = io.NewSectionReader(r, int64(s.Offset), int64(s.FileSize))
 
 		if s.Flags&SHF_COMPRESSED == 0 {
-- 
2.50.0