cmd/go: check pattern for utf8 validity before call regexp.MustCompile
authorYoulin Feng <fengyoulin@live.com>
Thu, 4 Sep 2025 01:17:26 +0000 (09:17 +0800)
committerMichael Matloob <matloob@golang.org>
Tue, 16 Sep 2025 19:31:12 +0000 (12:31 -0700)
Do not panic if the package path or the package version contains
invalid UTF-8 characters.

Fixes #75251

Change-Id: Ib787e74277cf814253857b911d378ea5e53d8824
Reviewed-on: https://go-review.googlesource.com/c/go/+/700815
Reviewed-by: Michael Matloob <matloob@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Ian Alexander <jitsu@google.com>
Reviewed-by: Michael Matloob <matloob@golang.org>
src/cmd/go/internal/modget/query.go
src/cmd/go/testdata/script/get_panic_issue75251.txt [new file with mode: 0644]
src/cmd/internal/pkgpattern/pkgpattern.go

index f95b503d8f60346c3ef5e7e45f42f699710744b1..05872d52ec4e0476f01da17efb6cf9d77c773d13 100644 (file)
@@ -10,6 +10,7 @@ import (
        "regexp"
        "strings"
        "sync"
+       "unicode/utf8"
 
        "cmd/go/internal/base"
        "cmd/go/internal/gover"
@@ -285,6 +286,11 @@ func reportError(q *query, err error) {
        // TODO(bcmills): Use errors.As to unpack these errors instead of parsing
        // strings with regular expressions.
 
+       if !utf8.ValidString(q.pattern) || !utf8.ValidString(q.version) {
+               base.Errorf("go: %s", errStr)
+               return
+       }
+
        patternRE := regexp.MustCompile("(?m)(?:[ \t(\"`]|^)" + regexp.QuoteMeta(q.pattern) + "(?:[ @:;)\"`]|$)")
        if patternRE.MatchString(errStr) {
                if q.rawVersion == "" {
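Review bot: The new guard in reportError has no comment saying why invalid UTF-8 must be rejected before the regexps are built, so a later cleanup could drop it and bring the panic back. A line such as `// regexp.MustCompile panics if the pattern is not valid UTF-8, and QuoteMeta does not repair it.` above the `if` would record the reason. The guard added to matchPatternInternal in pkgpattern.go has the same gap. More generally, building these expressions with `regexp.Compile` and falling back to the plain `base.Errorf("go: %s", errStr)` on error would keep command-line input from ever reaching a Must* call; the rest of reportError lies outside the hunk, so whether other query fields are compiled further down cannot be confirmed here.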
diff --git a/src/cmd/go/testdata/script/get_panic_issue75251.txt b/src/cmd/go/testdata/script/get_panic_issue75251.txt
new file mode 100644 (file)
index 0000000..2cc3f3a
--- /dev/null
@@ -0,0 +1,16 @@
+# Issue #75251: Don't panic if the package path or the package version
+# contains invalid UTF-8 characters.
+
+go mod init m
+
+! go get golang.org/x/net/http/httpgutsÿv0.43.0 # contains 0xff byte
+! stderr panic
+stderr 'malformed module path'
+
+! go get golang.org/x/net/http/httpgutsÿ@v0.43.0 # contains 0xff byte
+! stderr panic
+stderr 'malformed module path'
+
+! go get golang.org/x/net/http/httpguts@ÿv0.43.0 # contains 0xff byte
+! stderr panic
+stderr 'disallowed version string'
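Review bot: All three cases depend on a raw 0xff byte in the script, and nothing in the file protects it. An editor or tool that re-encodes the file would turn it into U+00FF, which is valid UTF-8, and the `! stderr panic` assertions would presumably still pass without exercising the fix. A line such as `# NOTE: the byte next to httpguts must stay a single raw 0xff (invalid UTF-8), not U+00FF.` in the header comment would make that visible. None of the cases obviously reaches the matchPatternInternal change in pkgpattern.go, so that guard may be untested by this script.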
index 1496eebb3e4d9d13a3dee4db1944b66f42e4043d..5bbe8a52fb1075397d818c74b8a97785c503d008 100644 (file)
@@ -7,6 +7,7 @@ package pkgpattern
 import (
        "regexp"
        "strings"
+       "unicode/utf8"
 )
 
 // Note: most of this code was originally part of the cmd/go/internal/search
@@ -71,7 +72,7 @@ func matchPatternInternal(pattern string, vendorExclude bool) func(name string)
 
        const vendorChar = "\x00"
 
-       if vendorExclude && strings.Contains(pattern, vendorChar) {
+       if vendorExclude && strings.Contains(pattern, vendorChar) || !utf8.ValidString(pattern) {
                return func(name string) bool { return false }
        }