diff options
author | Tobias Klauser <tklauser@distanz.ch> | 2022-09-01 10:48:58 +0200 |
---|---|---|
committer | Gopher Robot <gobot@golang.org> | 2022-09-02 17:48:30 +0000 |
commit | 553f02c6ae9d9dc124559b6711a47cb3e99c6348 (patch) | |
tree | 9dec9a69a45a1c9b34cf199c3acf3af032aa3b47 /src/debug | |
parent | 6605686e3b503a1d82a526e3970ce4c93f7e2106 (diff) | |
download | go-git-553f02c6ae9d9dc124559b6711a47cb3e99c6348.tar.gz |
debug/macho: use saferio to allocate load command slice
Avoid allocating large amounts of memory for corrupt input.
No test case because the problem can only happen for invalid data.
Let the fuzzer find cases like this.
Fixes #54780
Change-Id: Icdacb16bef7d29ef431da52e6d1da4e883a3e050
Reviewed-on: https://go-review.googlesource.com/c/go/+/427434
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Reviewed-by: Heschi Kreinick <heschi@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Auto-Submit: Tobias Klauser <tobias.klauser@gmail.com>
Diffstat (limited to 'src/debug')
-rw-r--r-- | src/debug/macho/file.go | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/debug/macho/file.go b/src/debug/macho/file.go index e35b4df508..3c95803371 100644 --- a/src/debug/macho/file.go +++ b/src/debug/macho/file.go @@ -249,8 +249,8 @@ func NewFile(r io.ReaderAt) (*File, error) { if f.Magic == Magic64 { offset = fileHeaderSize64 } - dat := make([]byte, f.Cmdsz) - if _, err := r.ReadAt(dat, offset); err != nil { + dat, err := saferio.ReadDataAt(r, uint64(f.Cmdsz), offset) + if err != nil { return nil, err } c := saferio.SliceCap([]Load{}, uint64(f.Ncmd)) |