math/big: index out of range in Float.GobDecode [1.17 backport] #54094

Closed
gopherbot opened this issue Jul 27, 2022 · 2 comments
Labels: CherryPickApproved (used during the release process for point releases), FrozenDueToAge, Security

Comments

@gopherbot
Contributor

@rolandshoemaker requested issue #53871 to be considered for backport to the next 1.17 minor release.

@gopherbot please open backports, this is a security issue.

@gopherbot added the CherryPickCandidate label (used during the release process for point releases) on Jul 27, 2022
@gopherbot added this to the Go1.17.13 milestone on Jul 27, 2022
@gopherbot
Contributor Author

Change https://go.dev/cl/419814 mentions this issue: [release-branch.go1.17] math/big: check buffer lengths in GobDecode

@cherrymui added the CherryPickApproved label (used during the release process for point releases) on Jul 29, 2022
@gopherbot removed the CherryPickCandidate label (used during the release process for point releases) on Jul 29, 2022
@gopherbot
Contributor Author

Closed by merging 703c8ab to release-branch.go1.17.

gopherbot pushed a commit that referenced this issue Jul 29, 2022
In Float.GobDecode and Rat.GobDecode, check buffer sizes before
indexing slices.

Updates #53871
Fixes #54094

Change-Id: I1b652c32c2bc7a0e8aa7620f7be9b2740c568b0a
Reviewed-on: https://go-review.googlesource.com/c/go/+/417774
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Tatiana Bradley <tatiana@golang.org>
Run-TryBot: Roland Shoemaker <roland@golang.org>
(cherry picked from commit 055113e)
Reviewed-on: https://go-review.googlesource.com/c/go/+/419814
Reviewed-by: Julie Qiu <julieqiu@google.com>
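
A regression check for the fix described in the commit message above, as an added example (not code from the Go project or from this issue): it feeds every truncated prefix of a valid encoding to `Float.GobDecode` and `Rat.GobDecode` and records any prefix length at which the decoder panics instead of returning an error. The helper names (`gobDecoder`, `probe`, `truncationPanics`, `checkToolchain`) and the sample values are assumptions made for this example.

```go
package main

import (
	"fmt"
	"math/big"
)

// gobDecoder is the method shared by *big.Float and *big.Rat (hypothetical helper type).
type gobDecoder interface{ GobDecode([]byte) error }

// probe feeds buf to d and reports whether the decoder panicked
// (for example with "index out of range") instead of returning an error.
func probe(d gobDecoder, buf []byte) (panicked bool, err error) {
	defer func() {
		if recover() != nil {
			panicked = true
		}
	}()
	return false, d.GobDecode(buf)
}

// truncationPanics decodes every proper prefix of a valid encoding into a
// fresh value and returns the prefix lengths that made the decoder panic.
func truncationPanics(enc []byte, fresh func() gobDecoder) []int {
	var bad []int
	for n := 0; n < len(enc); n++ {
		if panicked, _ := probe(fresh(), enc[:n]); panicked {
			bad = append(bad, n)
		}
	}
	return bad
}

// checkToolchain returns the panicking prefix lengths for Float and Rat
// when run against the math/big of the toolchain that built this program.
func checkToolchain() (floatBad, ratBad []int) {
	// Constructed sample values: one finite Float and one non-integer Rat.
	fe, _ := big.NewFloat(3.25).GobEncode()
	re, _ := big.NewRat(-7, 3).GobEncode()
	floatBad = truncationPanics(fe, func() gobDecoder { return new(big.Float) })
	ratBad = truncationPanics(re, func() gobDecoder { return new(big.Rat) })
	return
}

func main() {
	floatBad, ratBad := checkToolchain()
	fmt.Printf("Float.GobDecode panics at prefix lengths: %v\n", floatBad)
	fmt.Printf("Rat.GobDecode panics at prefix lengths:   %v\n", ratBad)
}
```

Empty lists for both types mean the toolchain's `math/big` rejects short buffers with an error; any listed prefix length means the length checks are missing.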
danbudris pushed a commit to danbudris/go that referenced this issue Sep 9, 2022
In Float.GobDecode and Rat.GobDecode, check buffer sizes before
indexing slices.

Updates golang#53871
Fixes golang#54094

Change-Id: I1b652c32c2bc7a0e8aa7620f7be9b2740c568b0a
Reviewed-on: https://go-review.googlesource.com/c/go/+/417774
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Tatiana Bradley <tatiana@golang.org>
Run-TryBot: Roland Shoemaker <roland@golang.org>
(cherry picked from commit 055113e)
Reviewed-on: https://go-review.googlesource.com/c/go/+/419814
Reviewed-by: Julie Qiu <julieqiu@google.com>
danbudris pushed a commit to danbudris/go that referenced this issue Sep 12, 2022
danbudris pushed a commit to danbudris/go that referenced this issue Sep 14, 2022
rcrozean pushed a commit to rcrozean/go that referenced this issue Oct 5, 2022
# AWS EKS
Backported To: go-1.15.15-eks
Backported On: Thu, 22 Sept 2022
Backported By: budris@amazon.com
Backported From: release-branch.go1.17
EKS Patch Source Commit: danbudris@2fcd1ec
Upstream Source Commit: golang@703c8ab

# Original Information

In Float.GobDecode and Rat.GobDecode, check buffer sizes before
indexing slices.

Updates golang#53871
Fixes golang#54094

Change-Id: I1b652c32c2bc7a0e8aa7620f7be9b2740c568b0a
Reviewed-on: https://go-review.googlesource.com/c/go/+/417774
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Tatiana Bradley <tatiana@golang.org>
Run-TryBot: Roland Shoemaker <roland@golang.org>
(cherry picked from commit 055113e)
Reviewed-on: https://go-review.googlesource.com/c/go/+/419814
Reviewed-by: Julie Qiu <julieqiu@google.com>
rcrozean pushed a commit to rcrozean/go that referenced this issue Oct 12, 2022
rcrozean pushed a commit to rcrozean/go that referenced this issue Oct 12, 2022
# AWS EKS
Backported To: go-1.16.15-eks
Backported On: Tue, 04 Oct 2022
Backported By: budris@amazon.com
Backported From: release-branch.go1.17
EKS Patch Source Commit: danbudris@268843b
Upstream Source Commit: golang@703c8ab

@golang locked and limited conversation to collaborators on Jul 29, 2023