Closed. catenacyber closed this 2 years ago.

### What version of Go are you using (`go version`)?

```
$ go version
go version go1.17.6 darwin/amd64
```

### Does this issue reproduce with the latest release?

Yes

### What operating system and processor architecture are you using (`go env`)?

go env Output

```
$ go env
GO111MODULE=""
GOARCH="amd64"
GOBIN=""
GOCACHE="/Users/catena/Library/Caches/go-build"
GOENV="/Users/catena/Library/Application Support/go/env"
GOEXE=""
GOEXPERIMENT=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="darwin"
GOINSECURE=""
GOMODCACHE="/Users/catena/go/pkg/mod"
GONOPROXY=""
GONOSUMDB=""
GOOS="darwin"
GOPATH="/Users/catena/go"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/usr/local/go"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/usr/local/go/pkg/tool/darwin_amd64"
GOVCS=""
GOVERSION="go1.17.6"
GCCGO="gccgo"
AR="ar"
CC="clang"
CXX="clang++"
CGO_ENABLED="1"
GOMOD="/Users/catena/go/src/github.com/catenacyber/go/src/go.mod"
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -arch x86_64 -m64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -fdebug-prefix-map=/var/folders/pp/dc1dtf9x2js3v0jx_m010nqr0000gn/T/go-build4237848497=/tmp/go-build -gno-record-gcc-switches -fno-common"
GOROOT/bin/go version: go version go1.17.6 darwin/amd64
GOROOT/bin/go tool compile -V: compile version go1.17.6
uname -v: Darwin Kernel Version 21.3.0: Wed Jan 5 21:37:58 PST 2022; root:xnu-8019.80.24~20/RELEASE_X86_64
ProductName: macOS
ProductVersion: 12.2.1
BuildVersion: 21D62
lldb --version: lldb-1316.0.9.41
Apple Swift version 5.6 (swiftlang-5.6.0.323.62 clang-1316.0.20.8)
gdb --version: GNU gdb (GDB) 9.1
```

### What did you do?

Run https://go.dev/play/p/ROR4-rqZcW4

### What did you expect to see?

The program finishing and printing some Hello, without having allocated too much space

### What did you see instead?

Nothing

Running heap profiling I see that 76 GByte was allocated from

```
debug/pe.readCOFFSymbols /usr/local/go/src/debug/pe/symbol.go
Total:  40GB   76GB (flat, cum) 100%
    31      .      .   }
    32      .      .   _, err := r.Seek(int64(fh.PointerToSymbolTable), seekStart)
    33      .      .   if err != nil {
    34      .      .       return nil, fmt.Errorf("fail to seek to symbol table: %v", err)
    35      .      .   }
    36   40GB   40GB   syms := make([]COFFSymbol, fh.NumberOfSymbols)
    37      .   36GB   err = binary.Read(r, binary.LittleEndian, syms)
```

Found by https://github.com/catenacyber/ngolo-fuzzing on oss-fuzz https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=48257

cf https://github.com/golang/go/issues/52350
cf https://github.com/golang/go/issues/52525 as well
cc @thanm
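Added example, not code from the issue, the playground link, or the Go project's fix. It shows why the profile above reports tens of gigabytes: `NumberOfSymbols` is a `uint32` read straight from the COFF file header and `COFFSymbol` is 18 bytes on disk, so `make([]COFFSymbol, fh.NumberOfSymbols)` can reserve about 77 GB (72 GiB) for a file that is only a few dozen bytes long, and `binary.Read` then wants a byte buffer of the same size. The program below builds a constructed (not real) 56-byte COFF image whose header claims 4 billion symbols, reads it once with the pattern quoted in the issue (`readSymbolsUnsafe`, only ever called on an honest header here) and once with a bounded reader that caps the up-front capacity and grows the slice only as records actually arrive. The cap `maxUpfrontBytes` and the helper names are this example's own assumptions; the real fix in the linked CL uses the runtime's internal `saferio` package, which is not importable from user code, and this reader only reproduces the idea of bounding capacity by data present rather than by a header claim.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
)

// On-disk sizes from the PE/COFF spec: 20-byte file header, 18-byte symbol record.
const (
	fileHeaderSize = 20
	coffSymbolSize = 18
)

// coffSymbol has the same field layout as debug/pe.COFFSymbol.
type coffSymbol struct {
	Name               [8]uint8
	Value              uint32
	SectionNumber      int16
	Type               uint16
	StorageClass       uint8
	NumberOfAuxSymbols uint8
}

// maxUpfrontBytes (assumed for this example) caps what we allocate on the strength
// of a header field alone; past it, the slice grows only as records arrive.
const maxUpfrontBytes = 1 << 20

// claimedBytes is what make([]COFFSymbol, NumberOfSymbols) reserves for a header
// value: a uint32 count times 18 bytes, so up to about 77 GB.
func claimedBytes(numberOfSymbols uint32) uint64 {
	return uint64(numberOfSymbols) * coffSymbolSize
}

// parseFileHeader pulls PointerToSymbolTable and NumberOfSymbols out of a COFF
// file header. In an untrusted file both values are attacker-controlled.
func parseFileHeader(hdr []byte) (ptr, n uint32, err error) {
	if len(hdr) < fileHeaderSize {
		return 0, 0, errors.New("short file header")
	}
	return binary.LittleEndian.Uint32(hdr[8:12]), binary.LittleEndian.Uint32(hdr[12:16]), nil
}

// readSymbolsUnsafe follows the pattern quoted in the issue: the slice is sized
// from the header before a single byte of the symbol table has been read.
func readSymbolsUnsafe(r io.ReadSeeker, ptr, n uint32) ([]coffSymbol, error) {
	if _, err := r.Seek(int64(ptr), io.SeekStart); err != nil {
		return nil, err
	}
	syms := make([]coffSymbol, n) // n comes straight from the file
	if err := binary.Read(r, binary.LittleEndian, syms); err != nil {
		return nil, err
	}
	return syms, nil
}

// readSymbolsBounded caps the initial capacity and decodes one record at a time,
// so a header that lies about the count fails after a small, bounded allocation.
func readSymbolsBounded(r io.ReadSeeker, ptr, n uint32) ([]coffSymbol, error) {
	if _, err := r.Seek(int64(ptr), io.SeekStart); err != nil {
		return nil, err
	}
	initial := uint64(n)
	if claimedBytes(n) > maxUpfrontBytes {
		initial = maxUpfrontBytes / coffSymbolSize
	}
	syms := make([]coffSymbol, 0, initial)
	var rec [coffSymbolSize]byte
	for i := uint32(0); i < n; i++ {
		if _, err := io.ReadFull(r, rec[:]); err != nil {
			if errors.Is(err, io.EOF) || errors.Is(err, io.ErrUnexpectedEOF) {
				return nil, fmt.Errorf("symbol table truncated: header claims %d symbols, only %d present", n, i)
			}
			return nil, err
		}
		var s coffSymbol
		if err := binary.Read(bytes.NewReader(rec[:]), binary.LittleEndian, &s); err != nil {
			return nil, err
		}
		syms = append(syms, s)
	}
	return syms, nil
}

// buildCOFF returns a constructed (not real) minimal COFF image: a file header whose
// symbol table starts right after it, then one record per name, while the header
// claims `claimed` symbols regardless of how many records are actually present.
func buildCOFF(claimed uint32, names ...string) []byte {
	img := make([]byte, fileHeaderSize, fileHeaderSize+coffSymbolSize*len(names))
	binary.LittleEndian.PutUint32(img[8:12], fileHeaderSize) // PointerToSymbolTable
	binary.LittleEndian.PutUint32(img[12:16], claimed)       // NumberOfSymbols
	for _, name := range names {
		var rec [coffSymbolSize]byte
		copy(rec[:8], name)
		img = append(img, rec[:]...)
	}
	return img
}

func main() {
	crafted := buildCOFF(0xFFFFFFFF, "main", "foo") // 56 bytes claiming 4 billion symbols
	ptr, n, _ := parseFileHeader(crafted)
	fmt.Printf("header claims %d symbols; unsafe path would make() %d bytes\n", n, claimedBytes(n))
	_, err := readSymbolsBounded(bytes.NewReader(crafted), ptr, n)
	fmt.Println("bounded path:", err)
}
```

The bounded reader is deliberately not called on the crafted image through `readSymbolsUnsafe`; doing so on a machine without enough address space is the out-of-memory crash the fuzzer found. The general rule this illustrates applies to every length-prefixed format: never size an allocation from a length field alone, either bound it by what the reader can actually supply or grow as data arrives.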
Change https://go.dev/cl/413995 mentions this issue: debug/pe: use saferio to set symbol slice capacity