From 478b594d5117729694deecbcb205bb15b6085f7a Mon Sep 17 00:00:00 2001 From: =?utf8?q?Alexandru=20Mo=C8=99oi?= Date: Mon, 21 Mar 2016 15:05:54 +0100 Subject: [PATCH] encoding/binary: fix bound check The inserted early bound checks cause the slice to expand beyond the original length of the slice. Change-Id: Ib38891605f4a9a12d3b9e2071a5f77640b083d2d Reviewed-on: https://go-review.googlesource.com/20981 Reviewed-by: Keith Randall Reviewed-by: Minux Ma --- src/encoding/binary/binary.go | 24 ++++++++++++------------ src/encoding/binary/binary_test.go | 27 +++++++++++++++++++++++++++ 2 files changed, 39 insertions(+), 12 deletions(-) diff --git a/src/encoding/binary/binary.go b/src/encoding/binary/binary.go index 69b7b03091..225ecd7d7a 100644 --- a/src/encoding/binary/binary.go +++ b/src/encoding/binary/binary.go @@ -49,23 +49,23 @@ var BigEndian bigEndian type littleEndian struct{} func (littleEndian) Uint16(b []byte) uint16 { - b = b[:2] // bounds check hint to compiler; see golang.org/issue/14808 + b = b[:2:len(b)] // bounds check hint to compiler; see golang.org/issue/14808 return uint16(b[0]) | uint16(b[1])<<8 } func (littleEndian) PutUint16(b []byte, v uint16) { - b = b[:2] // early bounds check to guarantee safety of writes below + b = b[:2:len(b)] // early bounds check to guarantee safety of writes below b[0] = byte(v) b[1] = byte(v >> 8) } func (littleEndian) Uint32(b []byte) uint32 { - b = b[:4] // bounds check hint to compiler; see golang.org/issue/14808 + b = b[:4:len(b)] // bounds check hint to compiler; see golang.org/issue/14808 return uint32(b[0]) | uint32(b[1])<<8 | uint32(b[2])<<16 | uint32(b[3])<<24 } func (littleEndian) PutUint32(b []byte, v uint32) { - b = b[:4] // early bounds check to guarantee safety of writes below + b = b[:4:len(b)] // early bounds check to guarantee safety of writes below b[0] = byte(v) b[1] = byte(v >> 8) b[2] = byte(v >> 16) @@ -73,13 +73,13 @@ func (littleEndian) PutUint32(b []byte, v uint32) { } func (littleEndian) Uint64(b []byte) uint64 { - b = b[:8] // bounds check hint to compiler; see golang.org/issue/14808 + b = b[:8:len(b)] // bounds check hint to compiler; see golang.org/issue/14808 return uint64(b[0]) | uint64(b[1])<<8 | uint64(b[2])<<16 | uint64(b[3])<<24 | uint64(b[4])<<32 | uint64(b[5])<<40 | uint64(b[6])<<48 | uint64(b[7])<<56 } func (littleEndian) PutUint64(b []byte, v uint64) { - b = b[:8] // early bounds check to guarantee safety of writes below + b = b[:8:len(b)] // early bounds check to guarantee safety of writes below b[0] = byte(v) b[1] = byte(v >> 8) b[2] = byte(v >> 16) @@ -97,23 +97,23 @@ func (littleEndian) GoString() string { return "binary.LittleEndian" } type bigEndian struct{} func (bigEndian) Uint16(b []byte) uint16 { - b = b[:2] // bounds check hint to compiler; see golang.org/issue/14808 + b = b[:2:len(b)] // bounds check hint to compiler; see golang.org/issue/14808 return uint16(b[1]) | uint16(b[0])<<8 } func (bigEndian) PutUint16(b []byte, v uint16) { - b = b[:2] // early bounds check to guarantee safety of writes below + b = b[:2:len(b)] // early bounds check to guarantee safety of writes below b[0] = byte(v >> 8) b[1] = byte(v) } func (bigEndian) Uint32(b []byte) uint32 { - b = b[:4] // bounds check hint to compiler; see golang.org/issue/14808 + b = b[:4:len(b)] // bounds check hint to compiler; see golang.org/issue/14808 return uint32(b[3]) | uint32(b[2])<<8 | uint32(b[1])<<16 | uint32(b[0])<<24 } func (bigEndian) PutUint32(b []byte, v uint32) { - b = b[:4] // early bounds check to guarantee safety of writes below + b = b[:4:len(b)] // early bounds check to guarantee safety of writes below b[0] = byte(v >> 24) b[1] = byte(v >> 16) b[2] = byte(v >> 8) @@ -121,13 +121,13 @@ func (bigEndian) PutUint32(b []byte, v uint32) { } func (bigEndian) Uint64(b []byte) uint64 { - b = b[:8] // bounds check hint to compiler; see golang.org/issue/14808 + b = b[:8:len(b)] // bounds check hint to compiler; see golang.org/issue/14808 return uint64(b[7]) | uint64(b[6])<<8 | uint64(b[5])<<16 | uint64(b[4])<<24 | uint64(b[3])<<32 | uint64(b[2])<<40 | uint64(b[1])<<48 | uint64(b[0])<<56 } func (bigEndian) PutUint64(b []byte, v uint64) { - b = b[:8] // early bounds check to guarantee safety of writes below + b = b[:8:len(b)] // early bounds check to guarantee safety of writes below b[0] = byte(v >> 56) b[1] = byte(v >> 48) b[2] = byte(v >> 40) diff --git a/src/encoding/binary/binary_test.go b/src/encoding/binary/binary_test.go index fe75a00b33..c0728e943e 100644 --- a/src/encoding/binary/binary_test.go +++ b/src/encoding/binary/binary_test.go @@ -339,6 +339,33 @@ func TestReadTruncated(t *testing.T) { } } +func testUint64SmallSliceLengthPanics() (panicked bool) { + defer func() { + panicked = recover() != nil + }() + b := [8]byte{1, 2, 3, 4, 5, 6, 7, 8} + LittleEndian.Uint64(b[:4]) + return false +} + +func testPutUint64SmallSliceLengthPanics() (panicked bool) { + defer func() { + panicked = recover() != nil + }() + b := [8]byte{} + LittleEndian.PutUint64(b[:4], 0x0102030405060708) + return false +} + +func TestEarlyBoundsChecks(t *testing.T) { + if testUint64SmallSliceLengthPanics() != true { + t.Errorf("binary.LittleEndian.Uint64 expected to panic for small slices, but didn't") + } + if testPutUint64SmallSliceLengthPanics() != true { + t.Errorf("binary.LittleEndian.PutUint64 expected to panic for small slices, but didn't") + } +} + type byteSliceReader struct { remain []byte } -- 2.48.1