debug/elf: use saferio.SliceCap when decoding ELF sections #56405

ZekeLu · 2022-10-24T23:32:05Z

This avoids allocating an overly large slice for corrupt input.

No test case because the problem can only happen for invalid data. Let
the fuzzer find cases like this.

Updates #33121.

This avoids allocating an overly large slice for corrupt input. No test case because the problem can only happen for invalid data. Let the fuzzer find cases like this.

gopherbot · 2022-10-24T23:37:07Z

This PR (HEAD: 6c62fc3) has been imported to Gerrit for code review.

Please visit https://go-review.googlesource.com/c/go/+/445076 to see it.

Tip: You can toggle comments from me using the comments slash command (e.g. /comments off)
See the Wiki page for more info

gopherbot · 2022-10-24T23:46:26Z

Message from Ian Lance Taylor:

Patch Set 1: Run-TryBot+1

Please don’t reply on this GitHub thread. Visit golang.org/cl/445076.
After addressing review feedback, remember to publish your drafts!

gopherbot · 2022-10-24T23:51:04Z

Message from Gopher Robot:

Patch Set 1:

(1 comment)

Please don’t reply on this GitHub thread. Visit golang.org/cl/445076.
After addressing review feedback, remember to publish your drafts!

gopherbot · 2022-10-25T00:00:15Z

Message from Gopher Robot:

Patch Set 1: TryBot-Result+1

(1 comment)

Please don’t reply on this GitHub thread. Visit golang.org/cl/445076.
After addressing review feedback, remember to publish your drafts!

gopherbot · 2022-10-25T03:40:19Z

Message from Ian Lance Taylor:

Patch Set 1: Run-TryBot+1 Auto-Submit+1 Code-Review+2

(1 comment)

Please don’t reply on this GitHub thread. Visit golang.org/cl/445076.
After addressing review feedback, remember to publish your drafts!

rockdaboot

👍

I confirm that this change fixes the issue for me.

This avoids allocating an overly large slice for corrupt input. No test case because the problem can only happen for invalid data. Let the fuzzer find cases like this. Updates #33121. Change-Id: Ie2d947a3865d3499034286f2d08d3e3204015f3e GitHub-Last-Rev: 6c62fc3 GitHub-Pull-Request: #56405 Reviewed-on: https://go-review.googlesource.com/c/go/+/445076 Run-TryBot: Ian Lance Taylor <iant@google.com> Reviewed-by: Ian Lance Taylor <iant@google.com> Auto-Submit: Ian Lance Taylor <iant@google.com> Run-TryBot: Ian Lance Taylor <iant@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Heschi Kreinick <heschi@google.com>

gopherbot · 2022-10-25T16:56:56Z

This PR is being closed because golang.org/cl/445076 has been merged.

rockdaboot · 2022-10-25T17:20:31Z

@ZekeLu Just out of curiosity (and for planning): Will the fix go into 1.19.3 or only into 1.20 ?
Because without the fix we can not always recover. Depending on the shnum value, there is either a recoverable panic or a fatal error (fatal error: runtime: out of memory). The error can not be recover()'ed from.

ZekeLu · 2022-10-25T17:38:36Z

Hi @rockdaboot, no backport request is created, so it won't go into 1.19.x.

If you want to make it capable for fuzzing, I think the following commits should be backported too:

I'm not sure whether they are qualified for backporting to the 1.19 branch. Maybe @ianlancetaylor can answer your question.

ianlancetaylor · 2022-10-25T23:34:36Z

I don't think these kinds of changes meet our backport criteria (https://go.dev/wiki/MinorReleases). Sorry.

rockdaboot · 2022-10-26T07:08:51Z

@ZekeLu Thanks GTN. I fuzz using latest master. But I think we have to roll out our own code to parse ELF files (we are mostly interested in getting symbols).

ianlancetaylor · 2022-10-26T23:54:01Z

it shouldn't be too hard to use your own copy of the master version of debug/elf for now.

This avoids allocating an overly large slice for corrupt input. No test case because the problem can only happen for invalid data. Let the fuzzer find cases like this. Updates golang#33121. Change-Id: Ie2d947a3865d3499034286f2d08d3e3204015f3e GitHub-Last-Rev: 6c62fc3 GitHub-Pull-Request: golang#56405 Reviewed-on: https://go-review.googlesource.com/c/go/+/445076 Run-TryBot: Ian Lance Taylor <iant@google.com> Reviewed-by: Ian Lance Taylor <iant@google.com> Auto-Submit: Ian Lance Taylor <iant@google.com> Run-TryBot: Ian Lance Taylor <iant@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Heschi Kreinick <heschi@google.com>

debug/elf: use saferio.SliceCap when decoding ELF sections

6c62fc3

This avoids allocating an overly large slice for corrupt input. No test case because the problem can only happen for invalid data. Let the fuzzer find cases like this.

rockdaboot approved these changes Oct 25, 2022

View reviewed changes

gopherbot closed this Oct 25, 2022

ZekeLu deleted the elf-shnum branch October 27, 2022 01:31

debug/elf: use saferio.SliceCap when decoding ELF sections #56405

debug/elf: use saferio.SliceCap when decoding ELF sections #56405

Uh oh!

Conversation

ZekeLu commented Oct 24, 2022

Uh oh!

gopherbot commented Oct 24, 2022

Uh oh!

gopherbot commented Oct 24, 2022

Uh oh!

gopherbot commented Oct 24, 2022

Uh oh!

gopherbot commented Oct 25, 2022

Uh oh!

gopherbot commented Oct 25, 2022

Uh oh!

rockdaboot left a comment

Choose a reason for hiding this comment

Uh oh!

gopherbot commented Oct 25, 2022

Uh oh!

rockdaboot commented Oct 25, 2022

Uh oh!

ZekeLu commented Oct 25, 2022

Uh oh!

ianlancetaylor commented Oct 25, 2022

Uh oh!

rockdaboot commented Oct 26, 2022

Uh oh!

ianlancetaylor commented Oct 26, 2022

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants