http/request: maxBytesReader.Read int64 overflow #54408
before

func (l *maxBytesReader) Read(p []byte) (n int, err error) {
    if l.err != nil {
        return 0, l.err
    }
    if len(p) == 0 {
        return 0, nil
    }
    // If they asked for a 32KB byte read but only 5 bytes are
    // remaining, no need to read 32KB. 6 bytes will answer the
    // question of the whether we hit the limit or go past it.
    if int64(len(p)) > l.n+1 {
        p = p[:l.n+1]
    }
    n, err = l.r.Read(p)
    if int64(n) <= l.n {
        l.n -= int64(n)
        l.err = err
        return n, err
    }
    n = int(l.n)
    l.n = 0
    // The server code and client code both use
    // maxBytesReader. This "requestTooLarge" check is
    // only used by the server code. To prevent binaries
    // which only using the HTTP Client code (such as
    // cmd/go) from also linking in the HTTP server, don't
    // use a static type assertion to the server
    // "*response" type. Check this interface instead:
    type requestTooLarger interface {
        requestTooLarge()
    }
    if res, ok := l.w.(requestTooLarger); ok {
        res.requestTooLarge()
    }
    l.err = errors.New("http: request body too large")
    return n, l.err
}

after

func (l *maxBytesReader) Read(p []byte) (n int, err error) {
    if l.err != nil {
        return 0, l.err
    }
    if len(p) == 0 {
        return 0, nil
    }
    // 0 < len(p) < 2^63
    if int64(len(p)) - 1 > l.n {
        p = p[:l.n+1]
    }
    n, err = l.r.Read(p)
    if int64(n) <= l.n {
        l.n -= int64(n)
        l.err = err
        return n, err
    }
    n = int(l.n)
    l.n = 0
    type requestTooLarger interface {
        requestTooLarge()
    }
    if res, ok := l.w.(requestTooLarger); ok {
        res.requestTooLarge()
    }
    l.err = errors.New("http: request body too large")
    return n, l.err
}
seankhliao added the NeedsInvestigation label Aug 12, 2022
cc @neild
cuiweixie added a commit to cuiweixie/go that referenced this issue Aug 12, 2022
Change https://go.dev/cl/423314 mentions this issue:
dmitshur added NeedsFix and removed NeedsInvestigation labels Aug 26, 2022
What version of Go are you using (go version)?
Does this issue reproduce with the latest release?
Yes
What operating system and processor architecture are you using (go env)?
go env Output
What did you do?
I wrote the following code in main.go:
Then run the command
go run main.go
What did you expect to see?
Starting: /Users/chenxiangyu/go/bin/dlv dap --check-go-version=false --listen=127.0.0.1:56670 --log-dest=3 from /Users/chenxiangyu/arrow-cli/example/
DAP server listening at: 127.0.0.1:56670
Type 'dlv help' for list of commands.
foo
Process 35830 has exited with status 0
Detaching
dlv dap (35802) exited with code: 0
What did you see instead?
Exception has occurred: panic
"runtime error: slice bounds out of range [:-9223372036854775808]"
Stack:
3 0x00000000012ebb2a in net/http.(*maxBytesReader).Read
at /usr/local/go/src/net/http/request.go:1152
4 0x00000000013e2d0a in main.main
at /Users/chenxiangyu/arrow-cli/example/main.go:13
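
Added example, not code from the issue or from the Go project: a stand-alone reader modeled on the before/after Read shown on this page, run with a limit of math.MaxInt64 so both comparisons can be observed side by side. The names boundedReader and readBody and the 3-byte "foo" body are assumptions made for this example; the reporter's main.go is not on this page and is not reproduced here.

```go
package main

import (
	"fmt"
	"io"
	"math"
	"strings"
)

// boundedReader: hypothetical stand-in for the page's maxBytesReader, no server hook.
type boundedReader struct {
	r    io.Reader
	n    int64 // bytes still allowed
	safe bool  // true selects the "after" comparison
	err  error // sticky error
}

func (l *boundedReader) Read(p []byte) (int, error) {
	if l.err != nil || len(p) == 0 {
		return 0, l.err
	}
	// "before": l.n+1 wraps to MinInt64 when l.n == MaxInt64, so p[:l.n+1] panics.
	if (!l.safe && int64(len(p)) > l.n+1) || (l.safe && int64(len(p))-1 > l.n) {
		p = p[:l.n+1]
	}
	n, err := l.r.Read(p)
	if int64(n) <= l.n {
		l.n, l.err = l.n-int64(n), err
		return n, err
	}
	n, l.n, l.err = int(l.n), 0, fmt.Errorf("body too large")
	return n, l.err
}

// readBody drains a constructed 3-byte body; a recovered panic is returned as text.
func readBody(limit int64, safe bool) (data, panicText string, err error) {
	defer func() {
		if r := recover(); r != nil {
			panicText = fmt.Sprint(r)
		}
	}()
	b, err := io.ReadAll(&boundedReader{r: strings.NewReader("foo"), n: limit, safe: safe})
	return string(b), "", err
}

func main() {
	_, before, _ := readBody(math.MaxInt64, false)
	after, _, err := readBody(math.MaxInt64, true)
	fmt.Printf("before: panic %q\nafter: data %q, err %v\n", before, after, err)
}
```

For limits below math.MaxInt64 the two comparisons behave identically, including the truncated read and error when the body exceeds the limit.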