Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-7379

debug/elf doesn't check the section size

    • Icon: Bug Bug
    • Resolution: Cannot Reproduce
    • Icon: Undefined Undefined
    • None
    • rhel-9.1.0
    • go-toolset
    • None
    • None
    • 2
    • rhel-sst-pt-llvm-rust-go
    • ssg_platform_tools
    • 2
    • Dev ack
    • False
    • Hide

      None

      Show
      None
    • None
    • Sprint 6, Sprint 7
    • None
    • None
    • If docs needed, set a value
    • None

      Description of problem:
      An arbitrary ELF panics.

      Version-Release number of selected component (if applicable):
      1.18.9

      How reproducible:
      Always

      Steps to Reproduce:
      1. $ cat main.go
      package main

      import (
      "debug/elf"
      "fmt"
      "strings"
      )

      func main() {
      data := "\u007fELF\x02\x01\x010000000000000" +
      "\x010000000000000000000" +
      "\x02\x00\x00\x00\x00\x00\x00\x0000000000\x00\x00\x00\x00" +
      "000\x0000"

      _, err := elf.NewFile(strings.NewReader(data))
      if err != nil

      { fmt.Println(err) }

      }

      2. go build main.go
      3. ./main

      Actual results:
      panic: runtime error: makeslice: len out of range

      goroutine 1 [running]:
      debug/elf.(*Section).Data(0xc0000ff800)
      /usr/lib/golang/src/debug/elf/file.go:105 +0x30
      debug/elf.NewFile(

      {0x4cf0a8?, 0xc0000dc000}

      )
      /usr/lib/golang/src/debug/elf/file.go:459 +0x1252
      main.main()
      /root/main.go:15 +0x56

      Expected results:
      no panic

      Additional info:
      https://github.com/golang/go/issues/33121

              asaezmor Alejandro Saez Morollon
              asaezmor Alejandro Saez Morollon
              Alejandro Saez Morollon Alejandro Saez Morollon
              Edjunior Machado Edjunior Machado
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated:
                Resolved: