if n > state.b.Len() {
errorf("%s data too long for buffer: %d", value.Type(), n)
}
+ if n > tooBig {
+ errorf("byte slice too big: %d", n)
+ }
if value.Cap() < n {
value.Set(reflect.MakeSlice(value.Type(), n, n))
} else {
// of interfaces, there will be buffer reloads.
errorf("length of %s is negative (%d bytes)", value.Type(), u)
}
+ typ := value.Type()
+ size := uint64(typ.Elem().Size())
+ // Take care with overflow in this calculation.
+ nBytes := u * size
+ if nBytes > tooBig || (size > 0 && nBytes/size != u) {
+ errorf("%s slice too big: %d elements of %d bytes", typ.Elem(), n, size)
+ }
if value.Cap() < n {
- value.Set(reflect.MakeSlice(value.Type(), n, n))
+ value.Set(reflect.MakeSlice(typ, n, n))
} else {
value.Set(value.Slice(0, n))
}
"sync"
)
+// tooBig provides a sanity check for sizes; used in several places.
+// Upper limit of 1GB, allowing room to grow a little without overflow.
+// TODO: make this adjustable?
+const tooBig = 1 << 30
+
// A Decoder manages the receipt of type and data information read from the
// remote side of a connection.
type Decoder struct {
dec.err = err
return false
}
- // Upper limit of 1GB, allowing room to grow a little without overflow.
- // TODO: We might want more control over this limit.
- if nbytes >= 1<<30 {
+ if nbytes >= tooBig {
dec.err = errBadCount
return false
}
return
}
}
+
+// Don't crash, just give error when allocating a huge slice.
+// Issue 8084.
+func TestErrorForHugeSlice(t *testing.T) {
+ // Encode an int slice.
+ buf := new(bytes.Buffer)
+ slice := []int{1, 1, 1, 1, 1, 1, 1, 1, 1, 1}
+ err := NewEncoder(buf).Encode(slice)
+ if err != nil {
+ t.Fatal("encode:", err)
+ }
+ // Reach into the buffer and smash the count to make the encoded slice very long.
+ buf.Bytes()[buf.Len()-len(slice)-1] = 0xfa
+ // Decode and see error.
+ err = NewDecoder(buf).Decode(&slice)
+ if err == nil {
+ t.Fatal("decode: no error")
+ }
+ if !strings.Contains(err.Error(), "slice too big") {
+ t.Fatal("decode: expected slice too big error, got %s", err.Error())
+ }
+}