From: Russ Cox Date: Wed, 9 Oct 2013 12:37:06 +0000 (-0400) Subject: compress/flate: fix infinite loop on malformed data X-Git-Tag: go1.2rc2~48 X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=8ba6deb1ec6cc48b54e98cb97de5e907e7901c58;p=gostls13.git compress/flate: fix infinite loop on malformed data Test using compress/gzip, because that's how the data arrived. Fixes #6550. R=golang-dev, r CC=golang-dev https://golang.org/cl/14441051 --- diff --git a/src/pkg/compress/flate/inflate.go b/src/pkg/compress/flate/inflate.go index 34ba00d5af..3eb3b2b83e 100644 --- a/src/pkg/compress/flate/inflate.go +++ b/src/pkg/compress/flate/inflate.go @@ -644,6 +644,10 @@ func (f *decompressor) huffSym(h *huffmanDecoder) (int, error) { if n > huffmanChunkBits { chunk = h.links[chunk>>huffmanValueShift][(f.b>>huffmanChunkBits)&h.linkMask] n = uint(chunk & huffmanCountMask) + if n == 0 { + f.err = CorruptInputError(f.roffset) + return 0, f.err + } } if n <= f.nb { f.b >>= n diff --git a/src/pkg/compress/gzip/gunzip_test.go b/src/pkg/compress/gzip/gunzip_test.go index a1333580dc..572fb58488 100644 --- a/src/pkg/compress/gzip/gunzip_test.go +++ b/src/pkg/compress/gzip/gunzip_test.go @@ -7,7 +7,10 @@ package gzip import ( "bytes" "io" + "io/ioutil" + "os" "testing" + "time" ) type gunzipTest struct { @@ -302,3 +305,31 @@ func TestDecompressor(t *testing.T) { } } } + +func TestIssue6550(t *testing.T) { + f, err := os.Open("testdata/issue6550.gz") + if err != nil { + t.Fatal(err) + } + gzip, err := NewReader(f) + if err != nil { + t.Fatalf("NewReader(testdata/issue6550.gz): %v", err) + } + defer gzip.Close() + done := make(chan bool, 1) + go func() { + _, err := io.Copy(ioutil.Discard, gzip) + if err == nil { + t.Errorf("Copy succeeded") + } else { + t.Logf("Copy failed (correctly): %v", err) + } + done <- true + }() + select { + case <-time.After(1 * time.Second): + t.Errorf("Copy hung") + case <-done: + // ok + } +} diff --git a/src/pkg/compress/gzip/testdata/issue6550.gz b/src/pkg/compress/gzip/testdata/issue6550.gz new file mode 100644 index 0000000000..57972b6366 Binary files /dev/null and b/src/pkg/compress/gzip/testdata/issue6550.gz differ