From d1eb9c8e0d4a9903c3b94e41aacc73117cc400e6 Mon Sep 17 00:00:00 2001
From: Anthony Martin <ality@pbrane.org>
Date: Wed, 27 Mar 2013 05:59:06 -0700
Subject: [PATCH] libmach: respect symbol table boundaries

Since fp->symsz includes the size of the header
in the new symbol table format, we were reading
past the end and decoding a few garbage symbols
from data in the pc/line table.

R=rsc, r
CC=golang-dev
https://golang.org/cl/7993043
---
 src/libmach/sym.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/libmach/sym.c b/src/libmach/sym.c
index 120328d09a..28c80d6413 100644
--- a/src/libmach/sym.c
+++ b/src/libmach/sym.c
@@ -109,7 +109,7 @@ int
 syminit(int fd, Fhdr *fp)
 {
 	Sym *p;
-	int32 i, l, size;
+	int32 i, l, size, symsz;
 	vlong vl;
 	Biobuf b;
 	int svalsz, newformat, shift;
@@ -138,6 +138,7 @@ syminit(int fd, Fhdr *fp)
 	memset(buf, 0, sizeof buf);
 	Bread(&b, buf, sizeof buf);
 	newformat = 0;
+	symsz = fp->symsz;
 	if(memcmp(buf, "\xfd\xff\xff\xff\x00\x00\x00", 7) == 0) {
 		swav = leswav;
 		swal = leswal;
@@ -151,6 +152,7 @@ syminit(int fd, Fhdr *fp)
 		swav = leswav;
 		swal = leswal;
 		Bseek(&b, fp->symoff+6, 0);
+		symsz -= 6;
 	} else {
 		Bseek(&b, fp->symoff, 0);
 	}
@@ -161,11 +163,12 @@ syminit(int fd, Fhdr *fp)
 			werrstr("invalid word size %d bytes", svalsz);
 			return -1;
 		}
+		symsz -= 8;
 	}
 
 	nsym = 0;
 	size = 0;
-	for(p = symbols; size < fp->symsz; p++, nsym++) {
+	for(p = symbols; size < symsz; p++, nsym++) {
 		if(newformat) {
 			// Go 1.1 format. See comment at top of ../pkg/runtime/symtab.c.
 			if(Bread(&b, &c, 1) != 1)
-- 
2.50.0