diff options
author | Roland Shoemaker <roland@golang.org> | 2021-10-14 13:02:01 -0700 |
---|---|---|
committer | Dmitri Shuralyov <dmitshur@golang.org> | 2021-10-29 19:42:43 +0000 |
commit | d19c5bdb24e093a2d5097b7623284eb02726cede (patch) | |
tree | 6cae6e93d1ded623239b0cf3fb3fd5c66316e5f0 /src/vendor/modules.txt | |
parent | 900443349b17bb1f989daa64856546955c70d104 (diff) | |
download | go-d19c5bdb24e093a2d5097b7623284eb02726cede.tar.gz go-d19c5bdb24e093a2d5097b7623284eb02726cede.zip |
[release-branch.go1.16] debug/macho: fail on invalid dynamic symbol table command
Fail out when loading a file that contains a dynamic symbol table
command that indicates a larger number of symbols than exist in the
loaded symbol table.
Thanks to Burak Çarıkçı - Yunus Yıldırım (CT-Zer0 Crypttech) for
reporting this issue.
Updates #48990
Fixes #48991
Fixes CVE-2021-41771
Change-Id: Ic3d6e6529241afcc959544b326b21b663262bad5
Reviewed-on: https://go-review.googlesource.com/c/go/+/355990
Reviewed-by: Julie Qiu <julie@golang.org>
Reviewed-by: Katie Hockman <katie@golang.org>
Reviewed-by: Emmanuel Odeke <emmanuel@orijtech.com>
Run-TryBot: Roland Shoemaker <roland@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Trust: Katie Hockman <katie@golang.org>
(cherry picked from commit 61536ec03063b4951163bd09609c86d82631fa27)
Reviewed-on: https://go-review.googlesource.com/c/go/+/359454
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Diffstat (limited to 'src/vendor/modules.txt')
0 files changed, 0 insertions, 0 deletions