diff options
author | Rob Pike <r@golang.org> | 2015-04-06 11:39:36 -0700 |
---|---|---|
committer | Rob Pike <r@golang.org> | 2015-04-06 21:40:03 +0000 |
commit | e449b5705b4cffc29e9f24f6d24386d64dbd5dbb (patch) | |
tree | 588832f3612669d19d6282f4ebf8a641695c1ff2 /src/encoding/gob/decode.go | |
parent | 8c3fc088fbe1a25be73430a20a0c76af3c68d2f5 (diff) | |
download | go-e449b5705b4cffc29e9f24f6d24386d64dbd5dbb.tar.gz go-e449b5705b4cffc29e9f24f6d24386d64dbd5dbb.zip |
encoding/gob: change panic into error for corrupt input
decBuffer.Drop is called using data provided by the user, don't
panic if it's bogus.
Fixes #10272.
Change-Id: I913ae9c3c45cef509f2b8eb02d1efa87fbd52afa
Reviewed-on: https://go-review.googlesource.com/8496
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Diffstat (limited to 'src/encoding/gob/decode.go')
-rw-r--r-- | src/encoding/gob/decode.go | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/src/encoding/gob/decode.go b/src/encoding/gob/decode.go index a5bef93141..e227b221aa 100644 --- a/src/encoding/gob/decode.go +++ b/src/encoding/gob/decode.go @@ -688,7 +688,11 @@ func (dec *Decoder) ignoreInterface(state *decoderState) { error_(dec.err) } // At this point, the decoder buffer contains a delimited value. Just toss it. - state.b.Drop(int(state.decodeUint())) + n := int(state.decodeUint()) + if n < 0 || state.b.Len() < n { + errorf("bad interface encoding: length too large for buffer") + } + state.b.Drop(n) } // decodeGobDecoder decodes something implementing the GobDecoder interface. |