debug/elf: makeslice: len out of range
dvyukov opened this issue · 3 comments
dvyukov commented
The following program crashes with the panic on the provided input:
```go
package main

import (
	"bytes"
	"debug/elf"
	"io/ioutil"
	"os"
)

func main() {
	data, _ := ioutil.ReadFile(os.Args[1])
	f, err := elf.NewFile(bytes.NewReader(data))
	if err != nil {
		if f != nil {
			panic("file is not nil on error")
		}
		return
	}
	defer f.Close()
	f.DynamicSymbols()
	f.ImportedLibraries()
	f.ImportedSymbols()
	f.Section(".data")
	f.SectionByType(elf.SHT_GNU_VERSYM)
	f.Symbols()
	dw, err := f.DWARF()
	if err != nil {
		if dw != nil {
			panic("dwarf is not nil on error")
		}
		return
	}
	dr := dw.Reader()
	for {
		e, _ := dr.Next()
		if e == nil {
			break
		}
	}
}
```

```
panic: runtime error: makeslice: len out of range
goroutine 1 [running]:
debug/elf.(*Section).Data(0xc208020ea0, 0x0, 0x0, 0x0, 0x0, 0x0)
	src/debug/elf/file.go:78 +0x6e
debug/elf.NewFile(0x7ff342f88260, 0xc208014480, 0x645940, 0x0, 0x0)
	src/debug/elf/file.go:380 +0x111b
main.main()
	elftest.go:12 +0x11d
```
goroutine 1 [running]:
debug/elf.(*Section).Data(0xc208020ea0, 0x0, 0x0, 0x0, 0x0, 0x0)
src/debug/elf/file.go:78 +0x6e
debug/elf.NewFile(0x7ff342f88260, 0xc208014480, 0x645940, 0x0, 0x0)
src/debug/elf/file.go:380 +0x111b
main.main()
elftest.go:12 +0x11d
The input is:
https://drive.google.com/file/d/0B20Uwp8Hs1oCZUhqS3RiWFRja1U/view?usp=sharing
on commit 596bb76
dvyukov commented
/cc @ianlancetaylor @davecheney
Data could check the claimed section size as:
func (s *Section) Data() ([]byte, error) {
+ if s.sr.Size() == 0 {
+ return nil, nil
+ }
+ var tmp [1]byte
+ if err := s.sr.ReadAt(tmp[:], s.sr.Size()-1); err != nil {
+ return nil, err
+ }
dat := make([]byte, s.sr.Size())
n, err := s.sr.ReadAt(dat, 0)
if n == len(dat) {
err = nil
}
return dat[0:n], err
}
rsc commented
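Review bot: in the Data() change proposed above, the added probe `if err := s.sr.ReadAt(tmp[:], s.sr.Size()-1); err != nil` assigns a single variable from `ReadAt`, which returns `(n int, err error)`, so the patch does not compile as posted; it should read `if _, err := s.sr.ReadAt(tmp[:], s.sr.Size()-1); err != nil`. The new early return also changes the zero-size result from an empty slice to `nil, nil`, which is worth stating in the doc comment, along with a one-line comment saying that the one-byte read exists to confirm the last claimed byte is present before `make` allocates `s.sr.Size()` bytes.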
It's too late in the Go 1.5 release process for fuzzer bugs. The chance of hitting any of these is so low that the benefit of the fix is outweighed by the chance of the fix introducing a more serious bug.
ALTree commented
Fixed on the latest version (tried both go1.7 and go1.8).
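The size check discussed in this thread can also be applied on the caller's side, before an untrusted file reaches an ELF parser. The following is an added example, not code from the issue or from debug/elf: `CheckSectionBounds`, `fits` and `sample` are hypothetical names, the input image is constructed, and only ELF64 little-endian files are handled.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

// fits reports whether [off, off+size) lies within n bytes, without overflowing on hostile values.
func fits(off, size, n uint64) bool { return off <= n && size <= n-off }

// CheckSectionBounds (hypothetical helper) rejects an image whose section
// headers claim more data than the input actually contains.
func CheckSectionBounds(data []byte) error {
	le, n := binary.LittleEndian, uint64(len(data))
	if n < 64 || string(data[:6]) != "\x7fELF\x02\x01" {
		return fmt.Errorf("not an ELF64 little-endian file")
	}
	shoff, shentsize := le.Uint64(data[40:]), le.Uint16(data[58:]) // e_shoff, e_shentsize
	shnum := uint64(le.Uint16(data[60:]))                          // e_shnum
	if shnum > 0 && (shentsize != 64 || !fits(shoff, shnum*64, n)) {
		return fmt.Errorf("section header table out of range")
	}
	for i := uint64(0); i < shnum; i++ {
		sh := data[shoff+i*64:]
		typ, off, size := le.Uint32(sh[4:]), le.Uint64(sh[24:]), le.Uint64(sh[32:])
		if typ != 8 && !fits(off, size, n) { // 8 = SHT_NOBITS, which has no file bytes
			return fmt.Errorf("section %d: offset %#x size %#x exceeds file length %d", i, off, size, n)
		}
	}
	return nil
}

// sample builds a constructed 208-byte image: file header, a null section, and
// one SHT_PROGBITS section at offset 192 claiming `size` bytes (16 are present).
func sample(size uint64) []byte {
	le, b := binary.LittleEndian, make([]byte, 64+2*64+16)
	copy(b, "\x7fELF\x02\x01\x01")
	le.PutUint64(b[40:], 64)       // e_shoff
	le.PutUint16(b[58:], 64)       // e_shentsize
	le.PutUint16(b[60:], 2)        // e_shnum
	le.PutUint32(b[128+4:], 1)     // sh_type = SHT_PROGBITS
	le.PutUint64(b[128+24:], 192)  // sh_offset
	le.PutUint64(b[128+32:], size) // sh_size, the claimed length
	return b
}

func main() {
	fmt.Println(CheckSectionBounds(sample(16)))      // honest size
	fmt.Println(CheckSectionBounds(sample(1 << 62))) // claimed size far beyond the input
}
```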