internal/xcoff: use saferio to allocate slices

ianlancetaylor · gopherbot · commit 62043a6cd5fa · 2023-02-28T18:09:18.000Z
No test case because the problem can only happen for invalid data. Let the fuzzer find cases like this. For #47653 Fixes #58754 Change-Id: Ic3ef58b204b946f8bff80310d4c8dfcbb2939a1c Reviewed-on: https://go-review.googlesource.com/c/go/+/471678 Auto-Submit: Ian Lance Taylor <iant@golang.org> Reviewed-by: Ian Lance Taylor <iant@google.com> Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org> Run-TryBot: Ian Lance Taylor <iant@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Run-TryBot: Ian Lance Taylor <iant@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Auto-Submit: Ian Lance Taylor <iant@google.com>
diff --git a/src/internal/xcoff/file.go b/src/internal/xcoff/file.go
@@ -225,7 +225,11 @@ func NewFile(r io.ReaderAt) (*File, error) {
 	if _, err := sr.Seek(int64(hdrsz)+int64(opthdr), io.SeekStart); err != nil {
 		return nil, err
 	}
-	f.Sections = make([]*Section, nscns)
+	c := saferio.SliceCap((**Section)(nil), uint64(nscns))
+	if c < 0 {
+		return nil, fmt.Errorf("too many XCOFF sections (%d)", nscns)
+	}
+	f.Sections = make([]*Section, 0, c)
 	for i := 0; i < int(nscns); i++ {
 		var scnptr uint64
 		s := new(Section)
@@ -261,7 +265,7 @@ func NewFile(r io.ReaderAt) (*File, error) {
 		}
 		s.sr = io.NewSectionReader(r2, int64(scnptr), int64(s.Size))
 		s.ReaderAt = s.sr
-		f.Sections[i] = s
+		f.Sections = append(f.Sections, s)
 	}
 
 	// Symbol map needed by relocation
@@ -388,52 +392,59 @@ func NewFile(r io.ReaderAt) (*File, error) {
 
 	// Read relocations
 	// Only for .data or .text section
-	for _, sect := range f.Sections {
+	for sectNum, sect := range f.Sections {
 		if sect.Type != STYP_TEXT && sect.Type != STYP_DATA {
 			continue
 		}
-		sect.Relocs = make([]Reloc, sect.Nreloc)
 		if sect.Relptr == 0 {
 			continue
 		}
+		c := saferio.SliceCap((*Reloc)(nil), uint64(sect.Nreloc))
+		if c < 0 {
+			return nil, fmt.Errorf("too many relocs (%d) for section %d", sect.Nreloc, sectNum)
+		}
+		sect.Relocs = make([]Reloc, 0, c)
 		if _, err := sr.Seek(int64(sect.Relptr), io.SeekStart); err != nil {
 			return nil, err
 		}
 		for i := uint32(0); i < sect.Nreloc; i++ {
+			var reloc Reloc
 			switch f.TargetMachine {
 			case U802TOCMAGIC:
 				rel := new(Reloc32)
 				if err := binary.Read(sr, binary.BigEndian, rel); err != nil {
 					return nil, err
 				}
-				sect.Relocs[i].VirtualAddress = uint64(rel.Rvaddr)
-				sect.Relocs[i].Symbol = idxToSym[int(rel.Rsymndx)]
-				sect.Relocs[i].Type = rel.Rtype
-				sect.Relocs[i].Length = rel.Rsize&0x3F + 1
+				reloc.VirtualAddress = uint64(rel.Rvaddr)
+				reloc.Symbol = idxToSym[int(rel.Rsymndx)]
+				reloc.Type = rel.Rtype
+				reloc.Length = rel.Rsize&0x3F + 1
 
 				if rel.Rsize&0x80 != 0 {
-					sect.Relocs[i].Signed = true
+					reloc.Signed = true
 				}
 				if rel.Rsize&0x40 != 0 {
-					sect.Relocs[i].InstructionFixed = true
+					reloc.InstructionFixed = true
 				}
 
 			case U64_TOCMAGIC:
 				rel := new(Reloc64)
 				if err := binary.Read(sr, binary.BigEndian, rel); err != nil {
 					return nil, err
 				}
-				sect.Relocs[i].VirtualAddress = rel.Rvaddr
-				sect.Relocs[i].Symbol = idxToSym[int(rel.Rsymndx)]
-				sect.Relocs[i].Type = rel.Rtype
-				sect.Relocs[i].Length = rel.Rsize&0x3F + 1
+				reloc.VirtualAddress = rel.Rvaddr
+				reloc.Symbol = idxToSym[int(rel.Rsymndx)]
+				reloc.Type = rel.Rtype
+				reloc.Length = rel.Rsize&0x3F + 1
 				if rel.Rsize&0x80 != 0 {
-					sect.Relocs[i].Signed = true
+					reloc.Signed = true
 				}
 				if rel.Rsize&0x40 != 0 {
-					sect.Relocs[i].InstructionFixed = true
+					reloc.InstructionFixed = true
 				}
 			}
+
+			sect.Relocs = append(sect.Relocs, reloc)
 		}
 	}
 
