Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

encoding/gob: panics for invalid input #8084

Closed
rui314 opened this issue May 23, 2014 · 4 comments
Closed

encoding/gob: panics for invalid input #8084

rui314 opened this issue May 23, 2014 · 4 comments
Milestone

Comments

@rui314
Copy link
Member

@rui314 rui314 commented May 23, 2014

What does 'go version' print?
go version go1.3beta2 +708e129e91a9 Wed May 21 16:01:54 2014 -0700 linux/amd64

What steps reproduce the problem?
Run this program on a 64 bit machine.

package main

import (
        "bytes"
        "encoding/gob"
)

func main() {
        // Encode an int slice.
        b := new(bytes.Buffer)
        t := []int{1, 1, 1, 1, 1, 1, 1, 1, 1, 1}
        gob.NewEncoder(b).Encode(t)

        // Set an invalid value to the first byte of the length field for the slice.
        // This makes the encoded slice very long.
        buf := b.Bytes()
        buf[len(buf)-len(t)-1] = 0xfa

        // Decode panics on 64 bit.
        u := make([]int, 0, 1)
        gob.NewDecoder(b).Decode(&u)
}

What happened?
It fails with the following error.

panic: runtime error: runtime: allocation size out of range [recovered]
        panic: runtime error: runtime: allocation size out of range

goroutine 16 [running]:
runtime.panic(0x4e3880, 0x5a2da7)
        /usr/local/google/home/ruiu/go2/src/pkg/runtime/panic.c:279 +0xf5
encoding/gob.catchError(0xc2080241c8)
        /usr/local/google/home/ruiu/go2/src/pkg/encoding/gob/error.go:38 +0x8f
runtime.panic(0x4e3880, 0x5a2da7)
        /usr/local/google/home/ruiu/go2/src/pkg/runtime/panic.c:248 +0x18d
reflect.unsafe_NewArray(0x4b66c0, 0x20202020202, 0x0)
        /usr/local/google/home/ruiu/go2/src/pkg/runtime/iface.goc:596 +0x3a
reflect.MakeSlice(0x7fc55c9c5208, 0x4af9e0, 0x20202020202, 0x20202020202, 0x5a5f80,
0xc2080224b0, 0x7fc55c826be8, 0x7fc55c826be0)
        /usr/local/google/home/ruiu/go2/src/pkg/reflect/value.go:2227 +0x1e7
encoding/gob.(*Decoder).decodeSlice(0xc2080240f0, 0x7fc55c9c5208, 0x4af9e0,
0xc20803a400, 0xc208042d20, 0x526e58, 0x8, 0x1, 0x0, 0x7fc55c9c11b0, ...)
        /usr/local/google/home/ruiu/go2/src/pkg/encoding/gob/decode.go:672 +0xc2
encoding/gob.func·003(0xc208023380, 0xc20803a400, 0xc20803c2d0)
        /usr/local/google/home/ruiu/go2/src/pkg/encoding/gob/decode.go:892 +0xe0
encoding/gob.(*Decoder).decodeSingle(0xc2080240f0, 0xc208042aa0, 0xc20803b1c0,
0xc20803c2d0)
        /usr/local/google/home/ruiu/go2/src/pkg/encoding/gob/decode.go:487 +0x1b7
encoding/gob.(*Decoder).decodeValue(0xc2080240f0, 0xc200000041, 0x4aadc0, 0xc208042d20,
0x0, 0x160)
        /usr/local/google/home/ruiu/go2/src/pkg/encoding/gob/decode.go:1250 +0x441
encoding/gob.(*Decoder).DecodeValue(0xc2080240f0, 0x4aadc0, 0xc208042d20, 0x0, 0x160,
0x0, 0x0)
        /usr/local/google/home/ruiu/go2/src/pkg/encoding/gob/decoder.go:229 +0x195
encoding/gob.(*Decoder).Decode(0xc2080240f0, 0x4aadc0, 0xc208042d20, 0x7fc55c9c5418, 0x0)
        /usr/local/google/home/ruiu/go2/src/pkg/encoding/gob/decoder.go:204 +0x1fb

What should have happened instead?
It should not panic.
@ianlancetaylor
Copy link
Contributor

@ianlancetaylor ianlancetaylor commented May 23, 2014

Comment 1:

Labels changed: added repo-main, release-go1.4.

@rsc
Copy link
Contributor

@rsc rsc commented Sep 15, 2014

Comment 2:

Status changed to Accepted.

@gopherbot
Copy link

@gopherbot gopherbot commented Sep 25, 2014

Comment 3:

CL https://golang.org/cl/142710043 mentions this issue.
@robpike
Copy link
Contributor

@robpike robpike commented Sep 25, 2014

Comment 4:

This issue was closed by revision 9c3fc83.

Status changed to Fixed.

@rui314 rui314 added fixed labels Sep 25, 2014
@rsc rsc added this to the Go1.4 milestone Apr 14, 2015
@rsc rsc removed the release-go1.4 label Apr 14, 2015
@golang golang locked and limited conversation to collaborators Jun 25, 2016
wheatman added a commit to wheatman/go-akaros that referenced this issue Jun 25, 2018
wheatman added a commit to wheatman/go-akaros that referenced this issue Jun 26, 2018
wheatman added a commit to wheatman/go-akaros that referenced this issue Jul 9, 2018
wheatman added a commit to wheatman/go-akaros that referenced this issue Jul 30, 2018
This issue was closed.
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
5 participants
You can’t perform that action at this time.