diff options
author | Roland Shoemaker <roland@golang.org> | 2022-07-15 10:43:44 -0700 |
---|---|---|
committer | Cherry Mui <cherryyz@google.com> | 2022-07-29 14:06:18 +0000 |
commit | 703c8ab7e5ba75c95553d4e249309297abad7102 (patch) | |
tree | b01fba8f8fed093e7ebe56f6836c13b4a2f1b651 /src/math/big/ratmarsh.go | |
parent | d9242f7a8c29aa17201cd66d29cdd20916c2de60 (diff) | |
download | go-703c8ab7e5ba75c95553d4e249309297abad7102.tar.gz go-703c8ab7e5ba75c95553d4e249309297abad7102.zip |
[release-branch.go1.17] math/big: check buffer lengths in GobDecode
In Float.GobDecode and Rat.GobDecode, check buffer sizes before
indexing slices.
Updates #53871
Fixes #54094
Change-Id: I1b652c32c2bc7a0e8aa7620f7be9b2740c568b0a
Reviewed-on: https://go-review.googlesource.com/c/go/+/417774
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Tatiana Bradley <tatiana@golang.org>
Run-TryBot: Roland Shoemaker <roland@golang.org>
(cherry picked from commit 055113ef364337607e3e72ed7d48df67fde6fc66)
Reviewed-on: https://go-review.googlesource.com/c/go/+/419814
Reviewed-by: Julie Qiu <julieqiu@google.com>
Diffstat (limited to 'src/math/big/ratmarsh.go')
-rw-r--r-- | src/math/big/ratmarsh.go | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/math/big/ratmarsh.go b/src/math/big/ratmarsh.go index fbc7b6002d..56102e845b 100644 --- a/src/math/big/ratmarsh.go +++ b/src/math/big/ratmarsh.go @@ -45,12 +45,18 @@ func (z *Rat) GobDecode(buf []byte) error { *z = Rat{} return nil } + if len(buf) < 5 { + return errors.New("Rat.GobDecode: buffer too small") + } b := buf[0] if b>>1 != ratGobVersion { return fmt.Errorf("Rat.GobDecode: encoding version %d not supported", b>>1) } const j = 1 + 4 i := j + binary.BigEndian.Uint32(buf[j-4:j]) + if len(buf) < int(i) { + return errors.New("Rat.GobDecode: buffer too small") + } z.a.neg = b&1 != 0 z.a.abs = z.a.abs.setBytes(buf[j:i]) z.b.abs = z.b.abs.setBytes(buf[i:]) |