diff options
author | Michael Anthony Knyszek <mknyszek@google.com> | 2022-07-13 15:35:44 +0000 |
---|---|---|
committer | Michael Anthony Knyszek <mknyszek@google.com> | 2022-07-13 15:35:44 +0000 |
commit | 7d5078e3bf2d865526e8ec2d211f61b2fac2936f (patch) | |
tree | 8f434be7d8e2ec1e3e5783f57deacdec41d454d9 /src/compress/gzip/gunzip_test.go | |
parent | 4658e6e324a85b0076f66acdab77799ffa9ac7bb (diff) | |
parent | 1ed3c127daceaffb9aadc806ba60f0b51b47421b (diff) | |
download | go-7d5078e3bf2d865526e8ec2d211f61b2fac2936f.tar.gz go-7d5078e3bf2d865526e8ec2d211f61b2fac2936f.zip |
[dev.boringcrypto.go1.17] all: merge go1.17.12 into dev.boringcrypto.go1.17
Change-Id: I652dbbb5721fa0c7be09be34b9ac1a987c331f6d
Diffstat (limited to 'src/compress/gzip/gunzip_test.go')
-rw-r--r-- | src/compress/gzip/gunzip_test.go | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/src/compress/gzip/gunzip_test.go b/src/compress/gzip/gunzip_test.go index 17c23e8a9b..6fe8ddcf55 100644 --- a/src/compress/gzip/gunzip_test.go +++ b/src/compress/gzip/gunzip_test.go @@ -515,3 +515,19 @@ func TestTruncatedStreams(t *testing.T) { } } } + +func TestCVE202230631(t *testing.T) { + var empty = []byte{0x1f, 0x8b, 0x08, 0x00, 0xa7, 0x8f, 0x43, 0x62, 0x00, + 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00} + r := bytes.NewReader(bytes.Repeat(empty, 4e6)) + z, err := NewReader(r) + if err != nil { + t.Fatalf("NewReader: got %v, want nil", err) + } + // Prior to CVE-2022-30631 fix, this would cause an unrecoverable panic due + // to stack exhaustion. + _, err = z.Read(make([]byte, 10)) + if err != io.EOF { + t.Errorf("Reader.Read: got %v, want %v", err, io.EOF) + } +} |