syscall: Potential infinite loop in syscall/str.go #8332

Closed
gopherbot opened this issue Jul 6, 2014 · 3 comments

@gopherbot gopherbot commented Jul 6, 2014

by fuzxxl:

The file syscall/str.go defines a function itoa() like this:

    func itoa(val int) string { // do it here rather than with fmt to avoid dependency
        if val < 0 {
            return "-" + itoa(-val)
        }
        var buf [32]byte // big enough for int64
        i := len(buf) - 1
        for val >= 10 {
            buf[i] = byte(val%10 + '0')
            i--
            val /= 10
        }
        buf[i] = byte(val + '0')
        return string(buf[i:])
    }

If the smallest possible integer is passed to this function, it runs into an infinite
loop / infinite recursion since the negative of the smallest integer is again a negative
value. This might be a potential security vulnerability.
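
An added illustration of the report above (not part of the original issue, and not necessarily the change made in the CL that closed it): `negationWraps` shows the condition under which the recursive call never makes progress, and `safeItoa`, a hypothetical name, is one way to format the value without negating a signed integer. The `maxInt`/`minInt` constants are defined here for the example.

```go
package main

import "fmt"

// Bounds of int computed portably (int is 32 or 64 bits depending on platform).
const (
	maxInt = int(^uint(0) >> 1)
	minInt = -maxInt - 1
)

// negationWraps reports whether -val is still negative. In two's complement
// this is true only for the minimum value, the input on which the reported
// itoa calls itself with the same argument forever.
func negationWraps(val int) bool {
	return val < 0 && -val < 0
}

// safeItoa (hypothetical name) formats val without negating a signed value:
// the magnitude is computed as a uint, which can hold |minInt|.
func safeItoa(val int) string {
	var buf [32]byte // 20 digits plus sign fit easily
	i := len(buf) - 1
	neg := val < 0
	u := uint(val)
	if neg {
		u = -u // unsigned negation wraps modulo 2^N and yields the magnitude
	}
	for u >= 10 {
		buf[i] = byte(u%10 + '0')
		i--
		u /= 10
	}
	buf[i] = byte(u + '0')
	if neg {
		i--
		buf[i] = '-'
	}
	return string(buf[i:])
}

func main() {
	for _, v := range []int{0, -42, maxInt, minInt} {
		fmt.Printf("%d: negation wraps=%v, safeItoa=%q\n", v, negationWraps(v), safeItoa(v))
	}
}
```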

@ianlancetaylor ianlancetaylor commented Jul 6, 2014

Comment 1:

This should be fixed, but I checked all the calls and I don't see a plausible
vulnerability.  You could write a program that converted the most negative integer to
syscall.Errno or syscall.Signal and then printed it.  That would cause the stack
overflow, but it seems unlikely that a program would take a user input number and
convert to Errno or Signal.

Labels changed: added repo-main, release-go1.4.

@gopherbot gopherbot commented Sep 18, 2014

Comment 2:

CL https://golang.org/cl/138650044 mentions this issue.

@rsc rsc commented Sep 18, 2014

Comment 3:

This issue was closed by revision ab76638.

Status changed to Fixed.

@rsc rsc added this to the Go1.4 milestone Apr 14, 2015
@rsc rsc removed the release-go1.4 label Apr 14, 2015
@golang golang locked and limited conversation to collaborators Jun 25, 2016
wheatman added a commit to wheatman/go-akaros that referenced this issue Jun 25, 2018
Fixes golang#8332.

LGTM=dvyukov
R=golang-codereviews, dvyukov
CC=golang-codereviews
https://golang.org/cl/138650044
wheatman added a commit to wheatman/go-akaros that referenced this issue Jul 9, 2018
wheatman added a commit to wheatman/go-akaros that referenced this issue Jul 30, 2018