debug/elf: prevent offset overflow #75522
| This PR (HEAD: c6b2f25) has been imported to Gerrit for code review. Please visit Gerrit at https://go-review.googlesource.com/c/go/+/705075. Important tips: 
 | 
| Message from Gopher Robot: Patch Set 1: (1 comment) Please don’t reply on this GitHub thread. Visit golang.org/cl/705075. | 
| Message from Jes Cok: Patch Set 1: Commit-Queue+1 (1 comment) Please don’t reply on this GitHub thread. Visit golang.org/cl/705075. | 
| Message from Go LUCI: Patch Set 1: Dry run: CV is trying the patch. Bot data: {"action":"start","triggered_at":"2025-09-18T12:57:12Z","revision":"7d200899dd12d3e825e9b67bbc3c1ac0597e3dd9"} Please don’t reply on this GitHub thread. Visit golang.org/cl/705075. | 
| Message from Jes Cok: Patch Set 1: -Commit-Queue Please don’t reply on this GitHub thread. Visit golang.org/cl/705075. | 
| Message from Go LUCI: Patch Set 1: This CL has passed the run Please don’t reply on this GitHub thread. Visit golang.org/cl/705075. | 
| Message from Go LUCI: Patch Set 1: LUCI-TryBot-Result+1 Please don’t reply on this GitHub thread. Visit golang.org/cl/705075. | 
| Message from Ian Lance Taylor: Patch Set 1: (2 comments) Please don’t reply on this GitHub thread. Visit golang.org/cl/705075. | 
| Message from Jes Cok: Patch Set 1: (1 comment) Please don’t reply on this GitHub thread. Visit golang.org/cl/705075. | 
c6b2f25 to 656e01b
    | This PR (HEAD: 656e01b) has been imported to Gerrit for code review. Please visit Gerrit at https://go-review.googlesource.com/c/go/+/705075. Important tips: 
 | 
656e01b to b3c1976
    | This PR (HEAD: b7aca22) has been imported to Gerrit for code review. Please visit Gerrit at https://go-review.googlesource.com/c/go/+/705075. Important tips: 
 | 
| This PR (HEAD: 7f9310d) has been imported to Gerrit for code review. Please visit Gerrit at https://go-review.googlesource.com/c/go/+/705075. Important tips: 
 | 
| Message from Jes Cok: Patch Set 4: Commit-Queue+1 Please don’t reply on this GitHub thread. Visit golang.org/cl/705075. | 
| Message from Go LUCI: Patch Set 4: Dry run: CV is trying the patch. Bot data: {"action":"start","triggered_at":"2025-09-19T16:32:17Z","revision":"37119c7b9e761a92178f3f921cdff99ad3b76e20"} Please don’t reply on this GitHub thread. Visit golang.org/cl/705075. | 
| Message from Ian Lance Taylor: Patch Set 4: (2 comments) Please don’t reply on this GitHub thread. Visit golang.org/cl/705075. | 
| Message from Jes Cok: Patch Set 4: -Commit-Queue Please don’t reply on this GitHub thread. Visit golang.org/cl/705075. | 
| Message from Go LUCI: Patch Set 4: This CL has passed the run Please don’t reply on this GitHub thread. Visit golang.org/cl/705075. | 
| Message from Go LUCI: Patch Set 4: LUCI-TryBot-Result+1 Please don’t reply on this GitHub thread. Visit golang.org/cl/705075. | 
7f9310d to 40ef3a0
    | This PR (HEAD: 40ef3a0) has been imported to Gerrit for code review. Please visit Gerrit at https://go-review.googlesource.com/c/go/+/705075. Important tips: 
 | 
| This PR (HEAD: aaa4f90) has been imported to Gerrit for code review. Please visit Gerrit at https://go-review.googlesource.com/c/go/+/705075. Important tips: 
 | 
| Message from Jes Cok: Patch Set 6: Commit-Queue+1 Please don’t reply on this GitHub thread. Visit golang.org/cl/705075. | 
| Message from Go LUCI: Patch Set 6: Dry run: CV is trying the patch. Bot data: {"action":"start","triggered_at":"2025-09-19T18:26:33Z","revision":"7c8e9a7d138d324cce28f80c5d434dc7dc736724"} Please don’t reply on this GitHub thread. Visit golang.org/cl/705075. | 
| Message from Jes Cok: Patch Set 6: -Commit-Queue Please don’t reply on this GitHub thread. Visit golang.org/cl/705075. | 
| Message from Go LUCI: Patch Set 6: This CL has failed the run. Reason: Tryjob golang/try/gotip-linux-386_debiansid has failed with summary (view all results): 
 To reproduce, try  Additional links for debugging: Please don’t reply on this GitHub thread. Visit golang.org/cl/705075. | 
| Message from Go LUCI: Patch Set 6: LUCI-TryBot-Result-1 Please don’t reply on this GitHub thread. Visit golang.org/cl/705075. | 
| Message from Go LUCI: Patch Set 13: Dry run: CV is trying the patch. Bot data: {"action":"start","triggered_at":"2025-09-24T06:19:58Z","revision":"8e4cde15f7abb70a8deedef14aab80e3ef101706"} Please don’t reply on this GitHub thread. Visit golang.org/cl/705075. | 
| This PR (HEAD: 8c9d985) has been imported to Gerrit for code review. Please visit Gerrit at https://go-review.googlesource.com/c/go/+/705075. Important tips: 
 | 
| Message from Go LUCI: Patch Set 13: LUCI-TryBot-Result-1 Please don’t reply on this GitHub thread. Visit golang.org/cl/705075. | 
| Message from Jes Cok: Patch Set 14: Commit-Queue+1 Please don’t reply on this GitHub thread. Visit golang.org/cl/705075. | 
| Message from Go LUCI: Patch Set 14: Dry run: CV is trying the patch. Bot data: {"action":"start","triggered_at":"2025-09-24T06:34:51Z","revision":"02a4b3659079069b97d1a9f1cd1ac6a1e4e0cc32"} Please don’t reply on this GitHub thread. Visit golang.org/cl/705075. | 
| Message from Jes Cok: Patch Set 14: -Commit-Queue Please don’t reply on this GitHub thread. Visit golang.org/cl/705075. | 
| Message from Go LUCI: Patch Set 14: This CL has passed the run Please don’t reply on this GitHub thread. Visit golang.org/cl/705075. | 
| Message from Go LUCI: Patch Set 14: LUCI-TryBot-Result+1 Please don’t reply on this GitHub thread. Visit golang.org/cl/705075. | 
| Message from Ian Lance Taylor: Patch Set 14: (3 comments) Please don’t reply on this GitHub thread. Visit golang.org/cl/705075. | 
When applying relocations, a malformed ELF file can provide an offset that, when added to the relocation size, overflows. This wrapped-around value could then incorrectly pass the bounds check, leading to a panic when the slice is accessed with the original large offset.

This change eliminates the manual bounds and overflow checks and writes a relocation to slice by calling putUint. The putUint helper function centralizes the logic for validating slice access, correctly handling both out-of-bounds and integer overflow conditions.

This simplifies the relocation code and improves robustness when parsing malformed ELF files.

Fixes golang#75516

Change-Id: I3a1662398a981977d6cbacfa47c40707ddd87b37
8c9d985 to 4914431
    | This PR (HEAD: 4914431) has been imported to Gerrit for code review. Please visit Gerrit at https://go-review.googlesource.com/c/go/+/705075. Important tips: 
 | 
| Message from Jes Cok: Patch Set 15: Commit-Queue+1 (3 comments) Please don’t reply on this GitHub thread. Visit golang.org/cl/705075. | 
| Message from Go LUCI: Patch Set 15: Dry run: CV is trying the patch. Bot data: {"action":"start","triggered_at":"2025-09-25T05:02:33Z","revision":"69bb562018057d61455822cc2ea8d0e1c813de96"} Please don’t reply on this GitHub thread. Visit golang.org/cl/705075. | 
| Message from Jes Cok: Patch Set 15: -Commit-Queue Please don’t reply on this GitHub thread. Visit golang.org/cl/705075. | 
| Message from Go LUCI: Patch Set 15: This CL has passed the run Please don’t reply on this GitHub thread. Visit golang.org/cl/705075. | 
| Message from Go LUCI: Patch Set 15: LUCI-TryBot-Result+1 Please don’t reply on this GitHub thread. Visit golang.org/cl/705075. | 
| Message from Ian Lance Taylor: Patch Set 15: Code-Review+2 Commit-Queue+1 (1 comment) Please don’t reply on this GitHub thread. Visit golang.org/cl/705075. | 
| Message from Go LUCI: Patch Set 15: Dry run: CV is trying the patch. Bot data: {"action":"start","triggered_at":"2025-09-25T22:31:23Z","revision":"69bb562018057d61455822cc2ea8d0e1c813de96"} Please don’t reply on this GitHub thread. Visit golang.org/cl/705075. | 
| Message from Ian Lance Taylor: Patch Set 15: -Commit-Queue Please don’t reply on this GitHub thread. Visit golang.org/cl/705075. | 
| Message from Go LUCI: Patch Set 15: This CL has passed the run Please don’t reply on this GitHub thread. Visit golang.org/cl/705075. | 
| Message from Florian Lehner: Patch Set 15: Code-Review+1 Please don’t reply on this GitHub thread. Visit golang.org/cl/705075. | 
| Message from Junyang Shao: Patch Set 15: Code-Review+1 Please don’t reply on this GitHub thread. Visit golang.org/cl/705075. | 
| Message from Michael Knyszek: Patch Set 15: Code-Review+1 Please don’t reply on this GitHub thread. Visit golang.org/cl/705075. | 
| Message from Jes Cok: Patch Set 15: (1 comment) Please don’t reply on this GitHub thread. Visit golang.org/cl/705075. | 
When applying relocations, a malformed ELF file can provide an offset that, when added to the relocation size, overflows. This wrapped-around value could then incorrectly pass the bounds check, leading to a panic when the slice is accessed with the original large offset.

This change eliminates the manual bounds and overflow checks and writes a relocation to slice by calling putUint. The putUint helper function centralizes the logic for validating slice access, correctly handling both out-of-bounds and integer overflow conditions.

This simplifies the relocation code and improves robustness when parsing malformed ELF files.

Fixes #75516

Change-Id: I00d806bf5501a9bf70200585ba4fd0475d7b2ddc
GitHub-Last-Rev: 4914431
GitHub-Pull-Request: #75522
Reviewed-on: https://go-review.googlesource.com/c/go/+/705075
Reviewed-by: Florian Lehner <[email protected]>
LUCI-TryBot-Result: Go LUCI <[email protected]>
Reviewed-by: Junyang Shao <[email protected]>
Auto-Submit: Ian Lance Taylor <[email protected]>
Reviewed-by: Michael Knyszek <[email protected]>
Reviewed-by: Ian Lance Taylor <[email protected]>
Commit-Queue: Ian Lance Taylor <[email protected]>
| Message from Jes Cok: Patch Set 15: (1 comment) Please don’t reply on this GitHub thread. Visit golang.org/cl/705075. | 
| This PR is being closed because golang.org/cl/705075 has been merged. | 
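The wraparound described in the commit message, shown as an added Go example that is not code from this PR or from debug/elf: `naiveInBounds`, `safeInBounds`, `writeReloc` and `sampleOrder` are hypothetical names, and the offset is a constructed value.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

// sampleOrder is a constructed choice of byte order for the demonstration.
var sampleOrder binary.ByteOrder = binary.LittleEndian

// naiveInBounds shows the flawed pattern: off+size is computed in uint64,
// so a huge off wraps around and the sum compares as small.
func naiveInBounds(dst []byte, off, size uint64) bool {
	return off+size <= uint64(len(dst))
}

// safeInBounds never adds untrusted values: size must fit in dst,
// and off must fit in what is left after reserving size bytes.
func safeInBounds(dst []byte, off, size uint64) bool {
	n := uint64(len(dst))
	return size <= n && off <= n-size
}

// writeReloc (hypothetical helper) stores val as a 4- or 8-byte integer at
// dst[off:], returning false instead of panicking on a bad offset or size.
func writeReloc(order binary.ByteOrder, dst []byte, off, size, val uint64) bool {
	if !safeInBounds(dst, off, size) {
		return false
	}
	switch size {
	case 4:
		order.PutUint32(dst[off:off+4], uint32(val))
	case 8:
		order.PutUint64(dst[off:off+8], val)
	default:
		return false
	}
	return true
}

func main() {
	dst := make([]byte, 16)
	off := ^uint64(0) - 3 // constructed malformed offset: off+8 wraps to 4
	fmt.Println("naive check accepts:", naiveInBounds(dst, off, 8))
	fmt.Println("safe check accepts: ", safeInBounds(dst, off, 8))
	fmt.Println("write at bad offset:", writeReloc(sampleOrder, dst, off, 8, 1))
	fmt.Println("write at offset 8:  ", writeReloc(sampleOrder, dst, 8, 8, 0x1122334455667788), dst)
}
```
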