1
0
mirror of https://github.com/golang/go synced 2024-11-11 19:21:37 -07:00

math/big: prevent overflow in (*Rat).SetString

Credit to rsc@ for the original patch.

Thanks to the OSS-Fuzz project for discovering this
issue and to Emmanuel Odeke (@odeke_et) for reporting it.

Fixes #50699
Fixes CVE-2022-23772

Change-Id: I590395a3d55689625390cf1e58f5f40623b26ee5
Reviewed-on: https://go-review.googlesource.com/c/go/+/379537
Trust: Katie Hockman <katie@golang.org>
Run-TryBot: Katie Hockman <katie@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Emmanuel Odeke <emmanuel@orijtech.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Julie Qiu <julie@golang.org>
This commit is contained in:
Katie Hockman 2022-01-19 16:54:41 -05:00
parent f5fe5a4524
commit ad345c2659
2 changed files with 6 additions and 0 deletions

View File

@ -169,6 +169,11 @@ func (z *Rat) SetString(s string) (*Rat, bool) {
n := exp5
if n < 0 {
n = -n
if n < 0 {
// This can occur if -n overflows. -(-1 << 63) would become
// -1 << 63, which is still negative.
return nil, false
}
}
if n > 1e6 {
return nil, false // avoid excessively large exponents

View File

@ -104,6 +104,7 @@ var setStringTests = []StringTest{
{in: "4/3/"},
{in: "4/3."},
{in: "4/"},
{in: "13e-9223372036854775808"}, // CVE-2022-23772
// valid
{"0", "0", true},