Commit 9ca4a70a authored by Kamil Kisiel's avatar Kamil Kisiel Committed by GitHub

Merge pull request #65 from navytux/y/bytearray8-fix

decoder: Fix integer overflow in BYTEARRAY8 handling
parents 72a53b61 4f485784
F7e9
22‡22‡22‡22‡.
\ No newline at end of file
V\u043c\u0438\u0440
.
\ No newline at end of file
F4440892098500626161694526672363281250_0__
S"\xe2\x80\xa8"
.
\ No newline at end of file
(lI1
aI2
aI3
aI01
a.
\ No newline at end of file
F44408920985006261616945266716945266138777878078144567552953958511352539062572363282363281250_0__
c_codecs
encode
J¸Ã‘ÂUlatin1†R
\ No newline at end of file
((l(dS''
(lQsal.
\ No newline at end of file
c__builtin__
bytearray
(c
(ttR.
\ No newline at end of file
}(UaU1U2u.
\ No newline at end of file
S"\n\r\xe2\x80\xa8\u\U"
.
\ No newline at end of file
V\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
V\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
c
UbingR.
\ No newline at end of file
c__builtin__
bytearray
(Utin1tRtR
\ No newline at end of file
}(UaU1U2u.
\ No newline at end of file
c_codecs
encode
XÑUQQQQQQQQR.
\ No newline at end of file
c_codecs
encode
X¸Ã‘ÂUlatin1†R.
\ No newline at end of file
c_codecs
encode
X¸Ã‘ÂClatin1†R.
\ No newline at end of file
......@@ -781,11 +781,12 @@ func (d *Decoder) bufLoadBinData8() error {
func (d *Decoder) bufLoadBytesData(l uint64) error {
d.buf.Reset()
// don't allow malicious `BINSTRING <bigsize> nodata` to make us out of memory
prealloc := int(l)
if maxgrow := 0x10000; prealloc > maxgrow {
prealloc := l
const maxgrow = 0x10000
if prealloc > maxgrow {
prealloc = maxgrow
}
d.buf.Grow(prealloc)
d.buf.Grow(int(prealloc))
if l > math.MaxInt64 {
return fmt.Errorf("size([]data) > maxint64")
}
......
......@@ -842,6 +842,7 @@ func TestFuzzCrashers(t *testing.T) {
"(]QNd.", // PersID([]) -> dict
"}]QNs.", // PersID([]) -> setitem
"}(]QNI1\nNu.", // PersID([]) ... -> setitems
"\x960000000\xef", // BYTEARRAY8
}
for _, c := range crashers {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment