debug/buildinfo: slice bounds out of range

[catenacyber]

Go version

go version devel go1.24-96d8ff0 Sat Aug 24 00:51:40 2024 +0000 linux/amd64

Output of go env in your module/workspace:

GO111MODULE=''
GOARCH='amd64'
GOBIN=''
GOCACHE='/root/.cache/go-build'
GOENV='/root/.config/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFLAGS=''
GOHOSTARCH='amd64'
GOHOSTOS='linux'
GOINSECURE=''
GOMODCACHE='/root/go/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='linux'
GOPATH='/root/go'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/root/.go'
GOSUMDB='sum.golang.org'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/root/.go/pkg/tool/linux_amd64'
GOVCS=''
GOVERSION='go1.22.1'
GCCGO='gccgo'
GOAMD64='v1'
AR='ar'
CC='clang'
CXX='clang++'
CGO_ENABLED='1'
GOMOD='/src/ngolo-fuzzing/go.mod'
GOWORK=''
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
PKG_CONFIG='pkg-config'
GOGCCFLAGS='-fPIC -m64 -pthread -fno-caret-diagnostics -Qunused-arguments -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build3147469696=/tmp/go-build -gno-record-gcc-switches'

What did you do?

Run https://go.dev/play/p/28-LPYiOuVt?v=gotip

What did you see happen?

panic: runtime error: slice bounds out of range [864:863] [recovered]
    panic: runtime error: slice bounds out of range [864:863]

goroutine 17 [running, locked to thread]:
github.com/catenacyber/ngolo-fuzzing/fuzz_ng_debug_buildinfo.FuzzNG_unsure.func1()
    github.com/catenacyber/ngolo-fuzzing/fuzz_ng_debug_buildinfo/fuzz_ng.go:152 +0x10d
panic({0x5584972fa0c0?, 0x10c00001a108?})
    runtime/panic.go:785 +0x132
debug/buildinfo.searchMagic({0x558497316e08, 0x10c000072098}, 0x20, 0x2?)
    debug/buildinfo/buildinfo.go:383 +0x605
debug/buildinfo.readRawBuildInfo({0x558497316478, 0x10c0000b25d0})
    debug/buildinfo/buildinfo.go:175 +0xd17
debug/buildinfo.Read({0x558497316478?, 0x10c0000b25d0?})
    debug/buildinfo/buildinfo.go:89 +0x3e

What did you expect to see?

The program printing hello

This was found by ngolo-fuzzing on oss-fuzz https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=71257

[gabyhelp]

Related Issues and Documentation

• debug/buildinfo: index out of range in buildinfo.Read #57002 (closed)
• debug/elf: slice bounds out of range in Symbols #62649 (closed)
• debug/buildinfo: index out of range in buildinfo.Read #58137 (closed)
• debug/elf: slice out of bounds in ImportedLibraries #63610 (closed)
• debug/elf: panic: runtime error: slice bounds out of range #52035 (closed)
• debug/elf: slice out of bounds in DynValue #64446 (closed)
• go/version: slice bounds out of range in Lang (only at tip) #64033 (closed)
• archive/zip: slice out of bounds in NewReader at tip #59810 (closed)
• x/image/font/plan9font: slice bounds out of range #56931 (closed)
• index/suffixarray: panic: runtime error: slice bounds out of range [92:62] #52120 (closed)

_{(Emoji vote if this was helpful or unhelpful; more detailed feedback welcome in this discussion.)}

[catenacyber]

Note that there is no problem in go 1.23

[gopherbot]

Change https://go.dev/cl/608517 mentions this issue: debug/buildinfo: don't crash on corrupt object file

[gopherbot]

Change https://go.dev/cl/608637 mentions this issue: debug/buildinfo: stop searchMagic search at EOF