Commit 9ca4a70a authored by Kamil Kisiel's avatar Kamil Kisiel Committed by GitHub

Merge pull request #65 from navytux/y/bytearray8-fix

decoder: Fix integer overflow in BYTEARRAY8 handling
parents 72a53b61 4f485784
F7e9
22‡22‡22‡22‡.
\ No newline at end of file
V\u043c\u0438\u0440
.
\ No newline at end of file
F4440892098500626161694526672363281250_0__
S"\xe2\x80\xa8"
.
\ No newline at end of file
(lI1
aI2
aI3
aI01
a.
\ No newline at end of file
F44408920985006261616945266716945266138777878078144567552953958511352539062572363282363281250_0__
c_codecs
encode
J¸Ã‘ÂUlatin1†R
\ No newline at end of file
((l(dS''
(lQsal.
\ No newline at end of file
c__builtin__
bytearray
(c
(ttR.
\ No newline at end of file
}(UaU1U2u.
\ No newline at end of file
S"\n\r\xe2\x80\xa8\u\U"
.
\ No newline at end of file
V\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
V\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
c
UbingR.
\ No newline at end of file
c__builtin__
bytearray
(Utin1tRtR
\ No newline at end of file
}(UaU1U2u.
\ No newline at end of file
c_codecs
encode
XÑUQQQQQQQQR.
\ No newline at end of file
c_codecs
encode
X¸Ã‘ÂUlatin1†R.
\ No newline at end of file
c_codecs
encode
X¸Ã‘ÂClatin1†R.
\ No newline at end of file
...@@ -781,11 +781,12 @@ func (d *Decoder) bufLoadBinData8() error { ...@@ -781,11 +781,12 @@ func (d *Decoder) bufLoadBinData8() error {
func (d *Decoder) bufLoadBytesData(l uint64) error { func (d *Decoder) bufLoadBytesData(l uint64) error {
d.buf.Reset() d.buf.Reset()
// don't allow malicious `BINSTRING <bigsize> nodata` to make us out of memory // don't allow malicious `BINSTRING <bigsize> nodata` to make us out of memory
prealloc := int(l) prealloc := l
if maxgrow := 0x10000; prealloc > maxgrow { const maxgrow = 0x10000
if prealloc > maxgrow {
prealloc = maxgrow prealloc = maxgrow
} }
d.buf.Grow(prealloc) d.buf.Grow(int(prealloc))
if l > math.MaxInt64 { if l > math.MaxInt64 {
return fmt.Errorf("size([]data) > maxint64") return fmt.Errorf("size([]data) > maxint64")
} }
......
...@@ -839,9 +839,10 @@ func TestFuzzCrashers(t *testing.T) { ...@@ -839,9 +839,10 @@ func TestFuzzCrashers(t *testing.T) {
"(c\n\nc\n\n\x85Rd", "(c\n\nc\n\n\x85Rd",
"}(U\x040000u", "}(U\x040000u",
"(\x88d", "(\x88d",
"(]QNd.", // PersID([]) -> dict "(]QNd.", // PersID([]) -> dict
"}]QNs.", // PersID([]) -> setitem "}]QNs.", // PersID([]) -> setitem
"}(]QNI1\nNu.", // PersID([]) ... -> setitems "}(]QNI1\nNu.", // PersID([]) ... -> setitems
"\x960000000\xef", // BYTEARRAY8
} }
for _, c := range crashers { for _, c := range crashers {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment