Skip to content

Commit

Permalink
encoding/gob: change panic into error for corrupt input
Browse files Browse the repository at this point in the history 
decBuffer.Drop is called using data provided by the user, don't
panic if it's bogus.

Fixes #10272.

Change-Id: I913ae9c3c45cef509f2b8eb02d1efa87fbd52afa
Reviewed-on: https://go-review.googlesource.com/8496
Reviewed-by: Brad Fitzpatrick <[email protected]>
  • Loading branch information
@robpike
robpike committed Apr 6, 2015
1 parent 8c3fc08 commit e449b57
Show file tree
Hide file tree
Showing 2 changed files with 19 additions and 1 deletion.
6 changes: 5 additions & 1 deletion src/encoding/gob/decode.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -688,7 +688,11 @@ func (dec *Decoder) ignoreInterface(state *decoderState) {
error_(dec.err)
}
// At this point, the decoder buffer contains a delimited value. Just toss it.
state.b.Drop(int(state.decodeUint()))
n := int(state.decodeUint())
if n < 0 || state.b.Len() < n {
errorf("bad interface encoding: length too large for buffer")
}
state.b.Drop(n)
}

// decodeGobDecoder decodes something implementing the GobDecoder interface.
Expand Down
14 changes: 14 additions & 0 deletions src/encoding/gob/encoder_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -954,3 +954,17 @@ func TestErrorForHugeSlice(t *testing.T) {
t.Fatalf("decode: expected slice too big error, got %s", err.Error())
}
}

// Don't crash, just give error with corrupted length.
// Issue 10270.
func TestErrorBadDrop(t *testing.T) {
data := []byte{0x05, 0x10, 0x00, 0x28, 0x55, 0x7b, 0x02, 0x02, 0x7f, 0x83, 0x02}
d := NewDecoder(bytes.NewReader(data))
err := d.Decode(nil)
if err == nil {
t.Fatal("decode: no error")
}
if !strings.Contains(err.Error(), "interface encoding") {
t.Fatalf("decode: expected interface encoding error, got %s", err.Error())
}
}

0 comments on commit e449b57

Please sign in to comment.