From 553f02c6ae9d9dc124559b6711a47cb3e99c6348 Mon Sep 17 00:00:00 2001
From: Tobias Klauser
Date: Thu, 1 Sep 2022 10:48:58 +0200
Subject: [PATCH] debug/macho: use saferio to allocate load command slice
Avoid allocating large amounts of memory for corrupt input. No test case because the problem can only happen for invalid data. Let the fuzzer find cases like this.
Fixes #54780
Change-Id: Icdacb16bef7d29ef431da52e6d1da4e883a3e050
Reviewed-on: https://go-review.googlesource.com/c/go/+/427434
Run-TryBot: Tobias Klauser
Reviewed-by: Ian Lance Taylor
Reviewed-by: Heschi Kreinick
TryBot-Result: Gopher Robot
Auto-Submit: Tobias Klauser
---
 src/debug/macho/file.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/debug/macho/file.go b/src/debug/macho/file.go
index e35b4df508..3c95803371 100644
--- a/src/debug/macho/file.go
+++ b/src/debug/macho/file.go
@@ -249,8 +249,8 @@ func NewFile(r io.ReaderAt) (*File, error) {
 if f.Magic == Magic64 {
 offset = fileHeaderSize64
 }
- dat := make([]byte, f.Cmdsz)
- if _, err := r.ReadAt(dat, offset); err != nil {
+ dat, err := saferio.ReadDataAt(r, uint64(f.Cmdsz), offset)
+ if err != nil {
 return nil, err
 }
 c := saferio.SliceCap([]Load{}, uint64(f.Ncmd))
-- 
2.50.0
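Review bot: The new `saferio.ReadDataAt` call carries no comment explaining why it replaced a plain `make` plus `ReadAt`, so a later cleanup could revert it without noticing the reason. `f.Cmdsz` is taken from the file header and is therefore controlled by whoever produced the file, which is why the buffer must not be sized from it directly. I would add above the call `// Cmdsz comes from the untrusted file header; saferio avoids a large allocation for corrupt input.` The unchanged `return nil, err` still hands back the bare read error, so a caller cannot tell that it was the load-command area that was short; adding the offset to that error would make fuzzer findings easier to triage. NewFile's body starts and ends outside the hunk.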