encoding/gob: change panic into error for corrupt input

decBuffer.Drop is called using data provided by the user, don't panic if it's bogus. Fixes #10272. Change-Id: I913ae9c3c45cef509f2b8eb02d1efa87fbd52afa Reviewed-on: https://go-review.googlesource.com/8496 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
author: Rob Pike <r@golang.org> 2015-04-06 11:39:36 -0700
committer: Rob Pike <r@golang.org> 2015-04-06 21:40:03 +0000
commit: e449b5705b4cffc29e9f24f6d24386d64dbd5dbb (patch)
tree: 588832f3612669d19d6282f4ebf8a641695c1ff2 /src/encoding/gob/decode.go
parent: 8c3fc088fbe1a25be73430a20a0c76af3c68d2f5 (diff)
download: go-e449b5705b4cffc29e9f24f6d24386d64dbd5dbb.tar.gz
go-e449b5705b4cffc29e9f24f6d24386d64dbd5dbb.zip
1 files changed, 5 insertions, 1 deletions
diff --git a/src/encoding/gob/decode.go b/src/encoding/gob/decode.go
index a5bef93141..e227b221aa 100644
--- a/src/encoding/gob/decode.go
+++ b/src/encoding/gob/decode.go
@@ -688,7 +688,11 @@ func (dec *Decoder) ignoreInterface(state *decoderState) {
 		error_(dec.err)
 	}
 	// At this point, the decoder buffer contains a delimited value. Just toss it.
-	state.b.Drop(int(state.decodeUint()))
+	n := int(state.decodeUint())
+	if n < 0 || state.b.Len() < n {
+		errorf("bad interface encoding: length too large for buffer")
+	}
+	state.b.Drop(n)
 }
 
 // decodeGobDecoder decodes something implementing the GobDecoder interface.
author	Rob Pike <r@golang.org>	2015-04-06 11:39:36 -0700
committer	Rob Pike <r@golang.org>	2015-04-06 21:40:03 +0000
commit	e449b5705b4cffc29e9f24f6d24386d64dbd5dbb (patch)
tree	588832f3612669d19d6282f4ebf8a641695c1ff2 /src/encoding/gob/decode.go
parent	8c3fc088fbe1a25be73430a20a0c76af3c68d2f5 (diff)
download	go-e449b5705b4cffc29e9f24f6d24386d64dbd5dbb.tar.gz go-e449b5705b4cffc29e9f24f6d24386d64dbd5dbb.zip