From 38f0a829aa041cbe5f694da52d733352aa5b70bc Mon Sep 17 00:00:00 2001
From: Michael Pratt <mpratt@google.com>
Date: Thu, 1 Aug 2024 10:17:14 -0400
Subject: [PATCH] debug/buildid: treat too large string as "not a Go
 executable"

If the length does not fit in int, saferio.ReadDataAt returns
io.ErrUnexpectedEOF. Treat is as an invalid format.

Fixes #68692.
For #68592.

Cq-Include-Trybots: luci.golang.try:gotip-linux-386-longtest
Change-Id: Ie856f29c907fd10e6d9b7dfbb6f0d8008a75a1c6
Reviewed-on: https://go-review.googlesource.com/c/go/+/602435
Auto-Submit: Michael Pratt <mpratt@google.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
---
 src/debug/buildinfo/buildinfo.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/debug/buildinfo/buildinfo.go b/src/debug/buildinfo/buildinfo.go
index fa02344cd3..f3d38b26e8 100644
--- a/src/debug/buildinfo/buildinfo.go
+++ b/src/debug/buildinfo/buildinfo.go
@@ -295,6 +295,10 @@ func decodeString(x exe, addr uint64) (string, uint64, error) {
 
 	b, err = readData(x, addr, length)
 	if err != nil {
+		if err == io.ErrUnexpectedEOF {
+			// Length too large to allocate. Clearly bogus value.
+			return "", 0, errNotGoExe
+		}
 		return "", 0, err
 	}
 	if uint64(len(b)) < length {
-- 
2.48.1