From e449b5705b4cffc29e9f24f6d24386d64dbd5dbb Mon Sep 17 00:00:00 2001
From: Rob Pike <r@golang.org>
Date: Mon, 6 Apr 2015 11:39:36 -0700
Subject: encoding/gob: change panic into error for corrupt input

decBuffer.Drop is called using data provided by the user, don't
panic if it's bogus.

Fixes #10272.

Change-Id: I913ae9c3c45cef509f2b8eb02d1efa87fbd52afa
Reviewed-on: https://go-review.googlesource.com/8496
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
---
 src/encoding/gob/decode.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'src/encoding/gob/decode.go')

diff --git a/src/encoding/gob/decode.go b/src/encoding/gob/decode.go
index a5bef93141..e227b221aa 100644
--- a/src/encoding/gob/decode.go
+++ b/src/encoding/gob/decode.go
@@ -688,7 +688,11 @@ func (dec *Decoder) ignoreInterface(state *decoderState) {
 		error_(dec.err)
 	}
 	// At this point, the decoder buffer contains a delimited value. Just toss it.
-	state.b.Drop(int(state.decodeUint()))
+	n := int(state.decodeUint())
+	if n < 0 || state.b.Len() < n {
+		errorf("bad interface encoding: length too large for buffer")
+	}
+	state.b.Drop(n)
 }
 
 // decodeGobDecoder decodes something implementing the GobDecoder interface.
-- 
cgit v1.2.3-54-g00ecf