From 3d6ba27f4ffef372d9a41bc488ca329c2786187f Mon Sep 17 00:00:00 2001 From: cuiweixie Date: Fri, 12 Aug 2022 16:47:31 +0000 Subject: [PATCH] net/http: don't panic on very large MaxBytesReaderLimit Fixes #54408 Change-Id: I454199ae5bcd087b8fc4169b7622412105e71113 GitHub-Last-Rev: a33fe7e206d0c394440962acd360df3aa9b117c3 GitHub-Pull-Request: golang/go#54415 Reviewed-on: https://go-review.googlesource.com/c/go/+/423314 Auto-Submit: Dmitri Shuralyov Run-TryBot: xie cui <523516579@qq.com> TryBot-Result: Gopher Robot Reviewed-by: David Chase Reviewed-by: Damien Neil Reviewed-by: hopehook --- src/net/http/request.go | 3 ++- src/net/http/request_test.go | 6 ++++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/src/net/http/request.go b/src/net/http/request.go index a03a54b943..924ca1b390 100644 --- a/src/net/http/request.go +++ b/src/net/http/request.go @@ -1169,7 +1169,8 @@ func (l *maxBytesReader) Read(p []byte) (n int, err error) { // If they asked for a 32KB byte read but only 5 bytes are // remaining, no need to read 32KB. 6 bytes will answer the // question of the whether we hit the limit or go past it. - if int64(len(p)) > l.n+1 { + // 0 < len(p) < 2^63 + if int64(len(p))-1 > l.n { p = p[:l.n+1] } n, err = l.r.Read(p) diff --git a/src/net/http/request_test.go b/src/net/http/request_test.go index ce673d34a2..672c01c387 100644 --- a/src/net/http/request_test.go +++ b/src/net/http/request_test.go @@ -982,6 +982,12 @@ func TestMaxBytesReaderDifferentLimits(t *testing.T) { wantN: len(testStr), wantErr: false, }, + 10: { /* Issue 54408 */ + limit: int64(1<<63-1), + lenP: len(testStr), + wantN: len(testStr), + wantErr: false, + }, } for i, tt := range tests { rc := MaxBytesReader(nil, io.NopCloser(strings.NewReader(testStr)), tt.limit) -- 2.50.0