math/big: index out of range in Float.Add #57946

Closed
catenacyber opened this issue Jan 21, 2023 · 1 comment
Labels
FrozenDueToAge NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.

Comments

@catenacyber (Contributor)

What version of Go are you using (go version)?

$ go version
go version go1.19 linux/amd64

Does this issue reproduce with the latest release?

Yes

What operating system and processor architecture are you using (go env)?

go env Output
$ go env
GO111MODULE=""
GOARCH="amd64"
GOBIN=""
GOCACHE="/root/.cache/go-build"
GOENV="/root/.config/go/env"
GOEXE=""
GOEXPERIMENT=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOINSECURE=""
GOMODCACHE="/root/go/pkg/mod"
GONOPROXY=""
GONOSUMDB=""
GOOS="linux"
GOPATH="/root/go"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/root/.go"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/root/.go/pkg/tool/linux_amd64"
GOVCS=""
GOVERSION="go1.19"
GCCGO="gccgo"
GOAMD64="v1"
AR="ar"
CC="clang"
CXX="clang++"
CGO_ENABLED="1"
GOMOD="/src/ngolo-fuzzing/go.mod"
GOWORK=""
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fno-caret-diagnostics -Qunused-arguments -Wl,--no-gc-sections -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build2481516251=/tmp/go-build -gno-record-gcc-switches"

What did you do?

Run https://go.dev/play/p/JjDgRJRZXpk

What did you expect to see?

The program finishing and printing Hello

What did you see instead?

panic: runtime error: index out of range [-1]

goroutine 1 [running]:
math/big.fnorm({0xc000092000?, 0x0?, 0x10?})
	/usr/local/go-faketime/src/math/big/float.go:580 +0x9d
math/big.(*Float).uadd(0xc00008e030, 0xa?, 0x3500fffff9?)
	/usr/local/go-faketime/src/math/big/float.go:1253 +0x468
math/big.(*Float).Add(0xc00008e030, 0xc000074f34?, 0xc00006e000?)
	/usr/local/go-faketime/src/math/big/float.go:1466 +0x5a
main.main()
	/tmp/sandbox2865641649/prog.go:13 +0x8b


Program exited.

Found by https://github.com/catenacyber/ngolo-fuzzing with oss-fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54807

Another variant is https://go.dev/play/p/ELqX97rhBPF

cc @rolandshoemaker

Thanks for the report. I've looked at the issue and I think it can be disclosed publicly. The issue appears to be in the Gob decoder, which incorrectly accepts a malformed float which otherwise appears impossible to generate via Float-only operations.
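An added hardening example (not code from the issue or from math/big) for services that accept gob-encoded Floats from untrusted input: it fails closed on a constructed malformed encoding of the kind the report describes, a finite-form Float with an empty mantissa. It assumes the Float gob layout (version byte, mode/acc/form/neg byte, 4-byte precision, 4-byte exponent, mantissa bytes), and the self-addition probe under recover is this example's own check for Go versions without the fix from CL 463017, where GobDecode itself accepts the value and the first Add panics.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"math/big"
)

// DecodeUntrustedFloat decodes a gob-encoded big.Float from an untrusted
// source and rejects it instead of letting a corrupt value reach later
// arithmetic. Go with CL 463017 rejects the malformed mantissa in GobDecode;
// on older Go the decode succeeds and Add panics (the trace in this issue),
// so the value is probed (added to itself, the uadd path) under recover.
func DecodeUntrustedFloat(buf []byte) (f *big.Float, err error) {
	f = new(big.Float)
	if err = f.GobDecode(buf); err != nil {
		return nil, fmt.Errorf("rejecting float: %w", err)
	}
	defer func() {
		if r := recover(); r != nil {
			f, err = nil, fmt.Errorf("rejecting float: corrupt value: %v", r)
		}
	}()
	new(big.Float).Add(f, f) // assumption: probe that hits fnorm on old Go
	return f, nil
}

// malformedFloatGob is a constructed, deliberately invalid encoding:
// version 1, form=finite (bits 1-2 of byte 1), prec=64, exp=0 and no
// mantissa bytes. A finite Float must carry a non-empty normalized mantissa.
func malformedFloatGob() []byte {
	buf := make([]byte, 10)
	buf[0] = 1      // floatGobVersion
	buf[1] = 1 << 1 // form = finite; mode, acc and neg all zero
	binary.BigEndian.PutUint32(buf[2:], 64) // prec
	binary.BigEndian.PutUint32(buf[6:], 0)  // exp
	return buf
}

func main() {
	good, _ := big.NewFloat(1.5).GobEncode()
	f, err := DecodeUntrustedFloat(good)
	fmt.Println(f, err) // a valid encoding round-trips: 1.5 <nil>
	_, err = DecodeUntrustedFloat(malformedFloatGob())
	fmt.Println(err) // the malformed one is rejected with an error
}
```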

@seankhliao seankhliao changed the title math/big:index out of range in Float.Add math/big: index out of range in Float.Add Jan 21, 2023
@seankhliao seankhliao added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label Jan 21, 2023
AlexanderYastrebov added a commit to AlexanderYastrebov/go that referenced this issue Jan 22, 2023
@gopherbot

Change https://go.dev/cl/463017 mentions this issue: math/big: validate result of Float.GobDecode

AlexanderYastrebov added a commit to AlexanderYastrebov/go that referenced this issue Jan 23, 2023
@golang golang locked and limited conversation to collaborators Jan 23, 2024