From db3e915af2f5053c96ad1f33502a752768965676 Mon Sep 17 00:00:00 2001
From: Than McIntosh <thanm@google.com>
Date: Mon, 22 Aug 2022 07:59:49 -0400
Subject: [PATCH] internal/xcoff: better handling of malformed symbol tables

Check for malformed data when reading the number of aux
symbols associated with a symbol table entry.

Fixes #54584.

Change-Id: Ic2a8d4d6a1d481d585a065b8182de86294c3d3d1
Reviewed-on: https://go-review.googlesource.com/c/go/+/425049
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Cherry Mui <cherryyz@google.com>
Run-TryBot: Than McIntosh <thanm@google.com>
---
 src/internal/xcoff/file.go | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/internal/xcoff/file.go b/src/internal/xcoff/file.go
index 1c5a266caf..e859de932a 100644
--- a/src/internal/xcoff/file.go
+++ b/src/internal/xcoff/file.go
@@ -283,6 +283,9 @@ func NewFile(r io.ReaderAt) (*File, error) {
 				return nil, err
 			}
 			numaux = int(se.Nnumaux)
+			if numaux < 0 {
+				return nil, fmt.Errorf("malformed symbol table, invalid number of aux symbols")
+			}
 			sym.SectionNumber = int(se.Nscnum)
 			sym.StorageClass = int(se.Nsclass)
 			sym.Value = uint64(se.Nvalue)
@@ -303,6 +306,9 @@ func NewFile(r io.ReaderAt) (*File, error) {
 				return nil, err
 			}
 			numaux = int(se.Nnumaux)
+			if numaux < 0 {
+				return nil, fmt.Errorf("malformed symbol table, invalid number of aux symbols")
+			}
 			sym.SectionNumber = int(se.Nscnum)
 			sym.StorageClass = int(se.Nsclass)
 			sym.Value = se.Nvalue
-- 
2.48.1