qbit/go
1
0
Fork 0
mirror of https://github.com/golang/go synced 2024-11-06 07:26:10 -07:00
Code Releases Activity
27794c4d4a
go/src/encoding
History
Roland Shoemaker 6fa37e98ea encoding/gob: add a depth limit for ignored fields 
Enforce a nesting limit of 10,000 for ignored fields during decoding
of messages. This prevents the possibility of triggering stack
exhaustion.

Fixes #53615
Fixes CVE-2022-30635

Change-Id: I05103d06dd5ca3945fcba3c1f5d3b5a645e8fb0f
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1484771
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/417064
Reviewed-by: Heschi Kreinick <heschi@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Tatiana Bradley <tatiana@golang.org>
Run-TryBot: Michael Knyszek <mknyszek@google.com>
2022-07-12 15:05:49 +00:00
..
ascii85 all: remove trailing blank doc comment lines 2022-04-01 18:18:07 +00:00
asn1 all: replace `` and '' with “ (U+201C) and ” (U+201D) in doc comments 2022-04-05 17:52:29 +00:00
base32 encoding/base32: decoder output depends on chunking of underlying reader 2022-05-03 18:30:15 +00:00
base64 all: gofmt -w -r 'interface{} -> any' src 2021-12-13 18:45:54 +00:00
binary encoding/binary: add AppendVarint AppendUvarint 2022-04-15 01:19:37 +00:00
csv encoding/csv: add Reader.InputOffset method 2022-05-14 04:25:13 +00:00
gob encoding/gob: add a depth limit for ignored fields 2022-07-12 15:05:49 +00:00
hex encoding/hex: implement Decode with a lookup table 2022-03-11 21:51:20 +00:00
json encoding/json: mention SyntaxError in Unmarshal doc comment 2022-06-01 22:59:44 +00:00
pem encoding/pem: fix stack overflow in Decode 2022-04-12 15:19:32 +00:00
xml encoding/xml: use iterative Skip, rather than recursive 2022-07-12 15:05:39 +00:00
encoding.go