mirror of
https://github.com/golang/go
synced 2024-11-20 03:04:40 -07:00
encoding/gob: change panic into error for corrupt input
decBuffer.Drop is called using data provided by the user, don't panic if it's bogus. Fixes #10272. Change-Id: I913ae9c3c45cef509f2b8eb02d1efa87fbd52afa Reviewed-on: https://go-review.googlesource.com/8496 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
This commit is contained in:
parent
8c3fc088fb
commit
e449b5705b
@ -688,7 +688,11 @@ func (dec *Decoder) ignoreInterface(state *decoderState) {
|
|||||||
error_(dec.err)
|
error_(dec.err)
|
||||||
}
|
}
|
||||||
// At this point, the decoder buffer contains a delimited value. Just toss it.
|
// At this point, the decoder buffer contains a delimited value. Just toss it.
|
||||||
state.b.Drop(int(state.decodeUint()))
|
n := int(state.decodeUint())
|
||||||
|
if n < 0 || state.b.Len() < n {
|
||||||
|
errorf("bad interface encoding: length too large for buffer")
|
||||||
|
}
|
||||||
|
state.b.Drop(n)
|
||||||
}
|
}
|
||||||
|
|
||||||
// decodeGobDecoder decodes something implementing the GobDecoder interface.
|
// decodeGobDecoder decodes something implementing the GobDecoder interface.
|
||||||
|
@ -954,3 +954,17 @@ func TestErrorForHugeSlice(t *testing.T) {
|
|||||||
t.Fatalf("decode: expected slice too big error, got %s", err.Error())
|
t.Fatalf("decode: expected slice too big error, got %s", err.Error())
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Don't crash, just give error with corrupted length.
|
||||||
|
// Issue 10270.
|
||||||
|
func TestErrorBadDrop(t *testing.T) {
|
||||||
|
data := []byte{0x05, 0x10, 0x00, 0x28, 0x55, 0x7b, 0x02, 0x02, 0x7f, 0x83, 0x02}
|
||||||
|
d := NewDecoder(bytes.NewReader(data))
|
||||||
|
err := d.Decode(nil)
|
||||||
|
if err == nil {
|
||||||
|
t.Fatal("decode: no error")
|
||||||
|
}
|
||||||
|
if !strings.Contains(err.Error(), "interface encoding") {
|
||||||
|
t.Fatalf("decode: expected interface encoding error, got %s", err.Error())
|
||||||
|
}
|
||||||
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user