[dev.boringcrypto.go1.17] all: merge go1.17.12 into dev.boringcrypto.go1.17

Change-Id: I652dbbb5721fa0c7be09be34b9ac1a987c331f6d
author: Michael Anthony Knyszek <mknyszek@google.com> 2022-07-13 15:35:44 +0000
committer: Michael Anthony Knyszek <mknyszek@google.com> 2022-07-13 15:35:44 +0000
commit: 7d5078e3bf2d865526e8ec2d211f61b2fac2936f (patch)
tree: 8f434be7d8e2ec1e3e5783f57deacdec41d454d9 /src/compress/gzip/gunzip_test.go
parent: 4658e6e324a85b0076f66acdab77799ffa9ac7bb (diff)
parent: 1ed3c127daceaffb9aadc806ba60f0b51b47421b (diff)
download: go-7d5078e3bf2d865526e8ec2d211f61b2fac2936f.tar.gz
go-7d5078e3bf2d865526e8ec2d211f61b2fac2936f.zip
1 files changed, 16 insertions, 0 deletions
diff --git a/src/compress/gzip/gunzip_test.go b/src/compress/gzip/gunzip_test.go
index 17c23e8a9b..6fe8ddcf55 100644
--- a/src/compress/gzip/gunzip_test.go
+++ b/src/compress/gzip/gunzip_test.go
@@ -515,3 +515,19 @@ func TestTruncatedStreams(t *testing.T) {
 		}
 	}
 }
+
+func TestCVE202230631(t *testing.T) {
+	var empty = []byte{0x1f, 0x8b, 0x08, 0x00, 0xa7, 0x8f, 0x43, 0x62, 0x00,
+		0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}
+	r := bytes.NewReader(bytes.Repeat(empty, 4e6))
+	z, err := NewReader(r)
+	if err != nil {
+		t.Fatalf("NewReader: got %v, want nil", err)
+	}
+	// Prior to CVE-2022-30631 fix, this would cause an unrecoverable panic due
+	// to stack exhaustion.
+	_, err = z.Read(make([]byte, 10))
+	if err != io.EOF {
+		t.Errorf("Reader.Read: got %v, want %v", err, io.EOF)
+	}
+}
author	Michael Anthony Knyszek <mknyszek@google.com>	2022-07-13 15:35:44 +0000
committer	Michael Anthony Knyszek <mknyszek@google.com>	2022-07-13 15:35:44 +0000
commit	7d5078e3bf2d865526e8ec2d211f61b2fac2936f (patch)
tree	8f434be7d8e2ec1e3e5783f57deacdec41d454d9 /src/compress/gzip/gunzip_test.go
parent	4658e6e324a85b0076f66acdab77799ffa9ac7bb (diff)
parent	1ed3c127daceaffb9aadc806ba60f0b51b47421b (diff)
download	go-7d5078e3bf2d865526e8ec2d211f61b2fac2936f.tar.gz go-7d5078e3bf2d865526e8ec2d211f61b2fac2936f.zip