diff options
author | Andy Pan <panjf2000@gmail.com> | 2021-06-23 12:59:48 +0800 |
---|---|---|
committer | Emmanuel Odeke <emmanuel@orijtech.com> | 2021-06-24 03:20:33 +0000 |
commit | 86d72fa2cba51342ba5617abf43a732f9fd668ca (patch) | |
tree | 162035b048cc8c1b60cc8bfa6a894d8cc337a642 /src/time/format.go | |
parent | 44a12e5f33bed2189735d8466b38fe455fe9b752 (diff) | |
download | go-86d72fa2cba51342ba5617abf43a732f9fd668ca.tar.gz go-86d72fa2cba51342ba5617abf43a732f9fd668ca.zip |
time: handle invalid UTF-8 byte sequences in quote to prevent panic
Fixes #46883
Updates CL 267017
Change-Id: I15c307bfb0aaa2877a148d32527681f79df1a650
Reviewed-on: https://go-review.googlesource.com/c/go/+/330289
Reviewed-by: Kevin Burke <kev@inburke.com>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Trust: Emmanuel Odeke <emmanuel@orijtech.com>
Diffstat (limited to 'src/time/format.go')
-rw-r--r-- | src/time/format.go | 18 |
1 files changed, 15 insertions, 3 deletions
diff --git a/src/time/format.go b/src/time/format.go index 6040ed5aeb..bb173a21c2 100644 --- a/src/time/format.go +++ b/src/time/format.go @@ -751,8 +751,11 @@ type ParseError struct { // These are borrowed from unicode/utf8 and strconv and replicate behavior in // that package, since we can't take a dependency on either. -const runeSelf = 0x80 -const lowerhex = "0123456789abcdef" +const ( + lowerhex = "0123456789abcdef" + runeSelf = 0x80 + runeError = '\uFFFD' +) func quote(s string) string { buf := make([]byte, 1, len(s)+2) // slice will be at least len(s) + quotes @@ -765,7 +768,16 @@ func quote(s string) string { // reproduce strconv.Quote's behavior with full fidelity but // given how rarely we expect to hit these edge cases, speed and // conciseness are better. - for j := 0; j < len(string(c)) && j < len(s); j++ { + var width int + if c == runeError { + width = 1 + if i+2 < len(s) && s[i:i+3] == string(runeError) { + width = 3 + } + } else { + width = len(string(c)) + } + for j := 0; j < width; j++ { buf = append(buf, `\x`...) buf = append(buf, lowerhex[s[i+j]>>4]) buf = append(buf, lowerhex[s[i+j]&0xF]) |