debug/elf: use saferio.InBounds to prevent offset overflow

[callthingsoff]

When applying relocations, a malformed ELF file can provide an offset
that, when added to the relocation size, overflows. This wrapped-around
value could then incorrectly pass the bounds check, leading to a panic
when the slice is accessed with the original large offset.

This change replaces the manual bounds and overflow checks in the
applyRelocations* functions with calls to saferio.{InBounds32,InBounds64}.

These helper functions centralize the logic for validating slice access,
correctly handling both out-of-bounds and integer overflow conditions.
This simplifies the relocation code and improves robustness when parsing
malformed ELF files.

Fixes #75516

[gopherbot]

This PR (HEAD: c6b2f25) has been imported to Gerrit for code review.

Please visit Gerrit at https://go-review.googlesource.com/c/go/+/705075.

Important tips:

• Don't comment on this PR. All discussion takes place in Gerrit.
• You need a Gmail or other Google account to log in to Gerrit.
• To change your code in response to feedback:
  • Push a new commit to the branch used by your GitHub PR.
  • A new "patch set" will then appear in Gerrit.
  • Respond to each comment by marking as Done in Gerrit if implemented as suggested. You can alternatively write a reply.
  • Critical: you must click the blue Reply button near the top to publish your Gerrit responses.
  • Multiple commits in the PR will be squashed by GerritBot.
• The title and description of the GitHub PR are used to construct the final commit message.
  • Edit these as needed via the GitHub web interface (not via Gerrit or git).
  • You should word wrap the PR description at ~76 characters unless you need longer lines (e.g., for tables or URLs).
• See the Sending a change via GitHub and Reviews sections of the Contribution Guide as well as the FAQ for details.

[gopherbot]

Message from Gopher Robot:

Patch Set 1:

(1 comment)

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/705075.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

Message from Jes Cok:

Patch Set 1: Commit-Queue+1

(1 comment)

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/705075.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

Message from Go LUCI:

Patch Set 1:

Dry run: CV is trying the patch.

Bot data: {"action":"start","triggered_at":"2025-09-18T12:57:12Z","revision":"7d200899dd12d3e825e9b67bbc3c1ac0597e3dd9"}

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/705075.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

Message from Jes Cok:

Patch Set 1: -Commit-Queue

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/705075.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

Message from Go LUCI:

Patch Set 1:

This CL has passed the run

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/705075.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

Message from Go LUCI:

Patch Set 1: LUCI-TryBot-Result+1

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/705075.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

Message from Ian Lance Taylor:

Patch Set 1:

(2 comments)

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/705075.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

Message from Jes Cok:

Patch Set 1:

(1 comment)

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/705075.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

This PR (HEAD: 656e01b) has been imported to Gerrit for code review.

Please visit Gerrit at https://go-review.googlesource.com/c/go/+/705075.

Important tips:

• Don't comment on this PR. All discussion takes place in Gerrit.
• You need a Gmail or other Google account to log in to Gerrit.
• To change your code in response to feedback:
  • Push a new commit to the branch used by your GitHub PR.
  • A new "patch set" will then appear in Gerrit.
  • Respond to each comment by marking as Done in Gerrit if implemented as suggested. You can alternatively write a reply.
  • Critical: you must click the blue Reply button near the top to publish your Gerrit responses.
  • Multiple commits in the PR will be squashed by GerritBot.
• The title and description of the GitHub PR are used to construct the final commit message.
  • Edit these as needed via the GitHub web interface (not via Gerrit or git).
  • You should word wrap the PR description at ~76 characters unless you need longer lines (e.g., for tables or URLs).
• See the Sending a change via GitHub and Reviews sections of the Contribution Guide as well as the FAQ for details.

[gopherbot]

This PR (HEAD: b7aca22) has been imported to Gerrit for code review.

Please visit Gerrit at https://go-review.googlesource.com/c/go/+/705075.

Important tips:

• Don't comment on this PR. All discussion takes place in Gerrit.
• You need a Gmail or other Google account to log in to Gerrit.
• To change your code in response to feedback:
  • Push a new commit to the branch used by your GitHub PR.
  • A new "patch set" will then appear in Gerrit.
  • Respond to each comment by marking as Done in Gerrit if implemented as suggested. You can alternatively write a reply.
  • Critical: you must click the blue Reply button near the top to publish your Gerrit responses.
  • Multiple commits in the PR will be squashed by GerritBot.
• The title and description of the GitHub PR are used to construct the final commit message.
  • Edit these as needed via the GitHub web interface (not via Gerrit or git).
  • You should word wrap the PR description at ~76 characters unless you need longer lines (e.g., for tables or URLs).
• See the Sending a change via GitHub and Reviews sections of the Contribution Guide as well as the FAQ for details.

[gopherbot]

This PR (HEAD: 7f9310d) has been imported to Gerrit for code review.

Please visit Gerrit at https://go-review.googlesource.com/c/go/+/705075.

Important tips:

• Don't comment on this PR. All discussion takes place in Gerrit.
• You need a Gmail or other Google account to log in to Gerrit.
• To change your code in response to feedback:
  • Push a new commit to the branch used by your GitHub PR.
  • A new "patch set" will then appear in Gerrit.
  • Respond to each comment by marking as Done in Gerrit if implemented as suggested. You can alternatively write a reply.
  • Critical: you must click the blue Reply button near the top to publish your Gerrit responses.
  • Multiple commits in the PR will be squashed by GerritBot.
• The title and description of the GitHub PR are used to construct the final commit message.
  • Edit these as needed via the GitHub web interface (not via Gerrit or git).
  • You should word wrap the PR description at ~76 characters unless you need longer lines (e.g., for tables or URLs).
• See the Sending a change via GitHub and Reviews sections of the Contribution Guide as well as the FAQ for details.

[gopherbot]

Message from Jes Cok:

Patch Set 4: Commit-Queue+1

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/705075.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

Message from Go LUCI:

Patch Set 4:

Dry run: CV is trying the patch.

Bot data: {"action":"start","triggered_at":"2025-09-19T16:32:17Z","revision":"37119c7b9e761a92178f3f921cdff99ad3b76e20"}

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/705075.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

Message from Ian Lance Taylor:

Patch Set 4:

(2 comments)

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/705075.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

Message from Jes Cok:

Patch Set 4: -Commit-Queue

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/705075.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

Message from Go LUCI:

Patch Set 4:

This CL has passed the run

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/705075.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

Message from Go LUCI:

Patch Set 4: LUCI-TryBot-Result+1

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/705075.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

This PR (HEAD: 40ef3a0) has been imported to Gerrit for code review.

Please visit Gerrit at https://go-review.googlesource.com/c/go/+/705075.

Important tips:

• Don't comment on this PR. All discussion takes place in Gerrit.
• You need a Gmail or other Google account to log in to Gerrit.
• To change your code in response to feedback:
  • Push a new commit to the branch used by your GitHub PR.
  • A new "patch set" will then appear in Gerrit.
  • Respond to each comment by marking as Done in Gerrit if implemented as suggested. You can alternatively write a reply.
  • Critical: you must click the blue Reply button near the top to publish your Gerrit responses.
  • Multiple commits in the PR will be squashed by GerritBot.
• The title and description of the GitHub PR are used to construct the final commit message.
  • Edit these as needed via the GitHub web interface (not via Gerrit or git).
  • You should word wrap the PR description at ~76 characters unless you need longer lines (e.g., for tables or URLs).
• See the Sending a change via GitHub and Reviews sections of the Contribution Guide as well as the FAQ for details.

[gopherbot]

This PR (HEAD: aaa4f90) has been imported to Gerrit for code review.

Please visit Gerrit at https://go-review.googlesource.com/c/go/+/705075.

Important tips:

• Don't comment on this PR. All discussion takes place in Gerrit.
• You need a Gmail or other Google account to log in to Gerrit.
• To change your code in response to feedback:
  • Push a new commit to the branch used by your GitHub PR.
  • A new "patch set" will then appear in Gerrit.
  • Respond to each comment by marking as Done in Gerrit if implemented as suggested. You can alternatively write a reply.
  • Critical: you must click the blue Reply button near the top to publish your Gerrit responses.
  • Multiple commits in the PR will be squashed by GerritBot.
• The title and description of the GitHub PR are used to construct the final commit message.
  • Edit these as needed via the GitHub web interface (not via Gerrit or git).
  • You should word wrap the PR description at ~76 characters unless you need longer lines (e.g., for tables or URLs).
• See the Sending a change via GitHub and Reviews sections of the Contribution Guide as well as the FAQ for details.

[gopherbot]

Message from Jes Cok:

Patch Set 6: Commit-Queue+1

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/705075.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

Message from Go LUCI:

Patch Set 6:

Dry run: CV is trying the patch.

Bot data: {"action":"start","triggered_at":"2025-09-19T18:26:33Z","revision":"7c8e9a7d138d324cce28f80c5d434dc7dc736724"}

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/705075.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

Message from Jes Cok:

Patch Set 6: -Commit-Queue

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/705075.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

Message from Go LUCI:

Patch Set 6:

This CL has failed the run. Reason:

Tryjob golang/try/gotip-linux-386_debiansid has failed with summary (view all results):

---

• go on master (change 705075)

To reproduce, try gomote repro 8703275823735374721.

Additional links for debugging:

• go tool dist test -json output [shard 2]

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/705075.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

Message from Go LUCI:

Patch Set 6: LUCI-TryBot-Result-1

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/705075.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

This PR (HEAD: 3ec0cfc) has been imported to Gerrit for code review.

Please visit Gerrit at https://go-review.googlesource.com/c/go/+/705075.

Important tips:

• Don't comment on this PR. All discussion takes place in Gerrit.
• You need a Gmail or other Google account to log in to Gerrit.
• To change your code in response to feedback:
  • Push a new commit to the branch used by your GitHub PR.
  • A new "patch set" will then appear in Gerrit.
  • Respond to each comment by marking as Done in Gerrit if implemented as suggested. You can alternatively write a reply.
  • Critical: you must click the blue Reply button near the top to publish your Gerrit responses.
  • Multiple commits in the PR will be squashed by GerritBot.
• The title and description of the GitHub PR are used to construct the final commit message.
  • Edit these as needed via the GitHub web interface (not via Gerrit or git).
  • You should word wrap the PR description at ~76 characters unless you need longer lines (e.g., for tables or URLs).
• See the Sending a change via GitHub and Reviews sections of the Contribution Guide as well as the FAQ for details.

[gopherbot]

Message from Jes Cok:

Patch Set 7: Commit-Queue+1

(1 comment)

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/705075.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

Message from Go LUCI:

Patch Set 7:

Dry run: CV is trying the patch.

Bot data: {"action":"start","triggered_at":"2025-09-19T19:04:55Z","revision":"d4b8845e9560bf9ffba8e218992de3f3e8617d70"}

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/705075.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

Message from Jes Cok:

Patch Set 7: -Commit-Queue

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/705075.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

Message from Go LUCI:

Patch Set 7:

This CL has failed the run. Reason:

Tryjob golang/try/gotip-linux-386_debiansid has failed with summary (view all results):

---

• go on master (change 705075)

To reproduce, try gomote repro 8703273403915967825.

Additional links for debugging:

• go tool dist test -json output [shard 3]

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/705075.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

Message from Go LUCI:

Patch Set 7: LUCI-TryBot-Result-1

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/705075.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

This PR (HEAD: a7ce104) has been imported to Gerrit for code review.

Please visit Gerrit at https://go-review.googlesource.com/c/go/+/705075.

Important tips:

• Don't comment on this PR. All discussion takes place in Gerrit.
• You need a Gmail or other Google account to log in to Gerrit.
• To change your code in response to feedback:
  • Push a new commit to the branch used by your GitHub PR.
  • A new "patch set" will then appear in Gerrit.
  • Respond to each comment by marking as Done in Gerrit if implemented as suggested. You can alternatively write a reply.
  • Critical: you must click the blue Reply button near the top to publish your Gerrit responses.
  • Multiple commits in the PR will be squashed by GerritBot.
• The title and description of the GitHub PR are used to construct the final commit message.
  • Edit these as needed via the GitHub web interface (not via Gerrit or git).
  • You should word wrap the PR description at ~76 characters unless you need longer lines (e.g., for tables or URLs).
• See the Sending a change via GitHub and Reviews sections of the Contribution Guide as well as the FAQ for details.

[gopherbot]

Message from Jes Cok:

Patch Set 8: Commit-Queue+1

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/705075.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

Message from Go LUCI:

Patch Set 8:

Dry run: CV is trying the patch.

Bot data: {"action":"start","triggered_at":"2025-09-20T02:19:42Z","revision":"8b100ca8399b8b5e02b0d743621539792907156c"}

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/705075.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

Message from Jes Cok:

Patch Set 8: -Commit-Queue

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/705075.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

Message from Go LUCI:

Patch Set 8:

This CL has passed the run

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/705075.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

Message from Go LUCI:

Patch Set 8: LUCI-TryBot-Result+1

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/705075.
After addressing review feedback, remember to publish your drafts!