search

golang / go

The Go programming language
https://go.dev
BSD 3-Clause "New" or "Revised" License
121.31k stars 17.38k forks source link

debug/elf: oom in NewFile #52522

Closed catenacyber closed 1 year ago

catenacyber commented 2 years ago

What version of Go are you using (go version)?

$ go version
go version go1.17.6 darwin/amd64

Does this issue reproduce with the latest release?

Yes

What operating system and processor architecture are you using (go env)?

go env Output
$ go env
GO111MODULE=""
GOARCH="amd64"
GOBIN=""
GOCACHE="/Users/catena/Library/Caches/go-build"
GOENV="/Users/catena/Library/Application Support/go/env"
GOEXE=""
GOEXPERIMENT=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="darwin"
GOINSECURE=""
GOMODCACHE="/Users/catena/go/pkg/mod"
GONOPROXY=""
GONOSUMDB=""
GOOS="darwin"
GOPATH="/Users/catena/go"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/usr/local/go"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/usr/local/go/pkg/tool/darwin_amd64"
GOVCS=""
GOVERSION="go1.17.6"
GCCGO="gccgo"
AR="ar"
CC="clang"
CXX="clang++"
CGO_ENABLED="1"
GOMOD="/Users/catena/go/src/github.com/catenacyber/go/src/go.mod"
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -arch x86_64 -m64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -fdebug-prefix-map=/var/folders/pp/dc1dtf9x2js3v0jx_m010nqr0000gn/T/go-build4237848497=/tmp/go-build -gno-record-gcc-switches -fno-common"
GOROOT/bin/go version: go version go1.17.6 darwin/amd64
GOROOT/bin/go tool compile -V: compile version go1.17.6
uname -v: Darwin Kernel Version 21.3.0: Wed Jan  5 21:37:58 PST 2022; root:xnu-8019.80.24~20/RELEASE_X86_64
ProductName:    macOS
ProductVersion: 12.2.1
BuildVersion:   21D62
lldb --version: lldb-1316.0.9.41
Apple Swift version 5.6 (swiftlang-5.6.0.323.62 clang-1316.0.20.8)
gdb --version: GNU gdb (GDB) 9.1

What did you do?

Run https://go.dev/play/p/ZigUarZbe1S

What did you expect to see?

The program finishing and printing somme dummy data

What did you see instead?

Only 

Program exited.

Heap profiling shows 3Gbyte allocation indebug/elf.(*Section).Data /usr/local/go/src/debug/elf/file.go:105

Found by https://github.com/catenacyber/ngolo-fuzzing on oss-fuzz https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46175

cc @ianlancetaylor as you fixed the latest oom

cagedmantis commented 2 years ago

/cc @ianlancetaylor

catenacyber commented 2 years ago

Another sample : https://go.dev/play/p/fOe3ZHI2RQ8

Stack trace is 

panic: runtime error: makeslice: len out of range

goroutine 1 [running]:
debug/elf.(*Section).Data(0xc0000d4000)
    /usr/local/go-faketime/src/debug/elf/file.go:105 +0x30
debug/elf.NewFile({0x4d0928?, 0xc0000aa0c0})
    /usr/local/go-faketime/src/debug/elf/file.go:459 +0x1252
main.main()
    /tmp/sandbox4242417514/prog.go:12 +0x178

Program exited.
gopherbot commented 2 years ago

Change https://go.dev/cl/408679 mentions this issue: debug/elf: use saferio to read section data