Potential index out of bounds in quantity_proto.go #116745
Labels: kind/bug, needs-triage, sig/api-machinery
Comments
k8s-ci-robot added the needs-sig and needs-triage labels on Mar 20, 2023
You can assign yourself and create a pr for this if you like.
ok, I will try to create a pr
clarkdian pushed a commit to chunklhit/kubernetes that referenced this issue on Mar 22, 2023:
bug details: kubernetes#116745
This was referenced Mar 22, 2023
clarkdian pushed a commit to chunklhit/kubernetes that referenced this issue on Mar 22, 2023
clarkdian pushed a commit to chunklhit/kubernetes that referenced this issue on Mar 22, 2023
/triage accepted
k8s-ci-robot added the triage/accepted label and removed the needs-triage label on Mar 28, 2023
/sig api-machinery
k8s-ci-robot added the sig/api-machinery label and removed the needs-sig label on Apr 19, 2023
This issue has not been updated in over 1 year, and should be re-triaged. You can:
For more details on the triage process, see https://www.kubernetes.dev/docs/guide/issue-triage/
/remove-triage accepted
k8s-ci-robot added the needs-triage label and removed the triage/accepted label on Apr 18, 2024
What happened?
During fuzz testing of Kubernetes, I discovered a crash, which I believe might be an issue. This issue is in the code located at kubernetes/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity_proto.go on lines 239, 255, 266, and 270.
Code Snippet
The value of index may potentially exceed the boundaries of the int type, becoming a negative value. However, there is no non-negative check in the code, and it is directly used on line 255. This may result in an out-of-bounds access error.
Comparing the skipGenerated method with others, such as in kubernetes/staging/src/k8s.io/api/apps/v1/generated.pb.go, it can be seen that they validate and handle the index accordingly.
This issue could potentially lead to program crashes and misbehavior in other locations.
Please investigate and address the issue.
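The following is an added, self-contained Go example, not the Kubernetes code and not the reporter's unit test. It models the defect class the report describes with a simplified skip routine for length-delimited (wire type 2) protobuf fields: a decoded length is added to the running index, and without a non-negative check the index can wrap negative, pass an `idx > len(data)` bound check, and make the next `data[idx]` read panic. The names `decodeVarint`, `skipLengthDelimited`, `countFields` and `errInvalidLength` are this example's own, and the `length < 0` / `idx < 0` checks are an assumption about the shape of the validation the report attributes to generated.pb.go. All input bytes are constructed here.

```go
package main

import (
	"errors"
	"fmt"
	"io"
)

// Example-only sentinel, standing in for a generated-code error value.
var errInvalidLength = errors.New("proto: negative length or index")

// decodeVarint accumulates a base-128 varint into an int, as generated
// decoders do. Ten bytes can set bit 63 and yield a negative int.
func decodeVarint(data []byte, pos int) (int, int, error) {
	var v int
	for shift := uint(0); ; shift += 7 {
		if shift >= 64 {
			return 0, pos, errors.New("proto: varint overflow")
		}
		if pos >= len(data) {
			return 0, pos, io.ErrUnexpectedEOF
		}
		b := data[pos] // a negative pos passes the "< len" check and panics here
		pos++
		v |= (int(b) & 0x7F) << shift
		if b < 0x80 {
			return v, pos, nil
		}
	}
}

// skipLengthDelimited skips one wire-type-2 field starting at idx and returns
// the index of the next field. checked=false omits the non-negative checks,
// reproducing the defect class described in the report (assumed shape).
func skipLengthDelimited(data []byte, idx int, checked bool) (int, error) {
	tag, idx, err := decodeVarint(data, idx)
	if err != nil {
		return 0, err
	}
	if tag&0x7 != 2 {
		return 0, fmt.Errorf("proto: example handles wire type 2 only, got %d", tag&0x7)
	}
	length, idx, err := decodeVarint(data, idx)
	if err != nil {
		return 0, err
	}
	if checked && length < 0 {
		return 0, errInvalidLength
	}
	idx += length // wraps to a negative value when length is near MaxInt64
	if checked && idx < 0 {
		return 0, errInvalidLength
	}
	if idx > len(data) { // does not reject a negative idx
		return 0, io.ErrUnexpectedEOF
	}
	return idx, nil
}

// countFields walks a buffer of length-delimited fields and reports how many
// it skipped. With checked=false a crafted length makes idx negative, the loop
// condition still holds, and the next data[idx] read panics; the panic is
// recovered here only so the outcome can be reported.
func countFields(data []byte, checked bool) (n int, panicked bool, err error) {
	defer func() {
		if r := recover(); r != nil {
			panicked = true
			err = fmt.Errorf("panic: %v", r)
		}
	}()
	idx := 0
	for idx < len(data) {
		idx, err = skipLengthDelimited(data, idx, checked)
		if err != nil {
			return n, false, err
		}
		n++
	}
	return n, false, nil
}

// Constructed inputs (not from the report): tag 0x0a is field 1, wire type 2,
// followed by a varint length.
var (
	validPayload     = []byte{0x0a, 0x03, 'a', 'b', 'c', 0x12, 0x00}
	hugeLength       = []byte{0x0a, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f}       // length = MaxInt64
	negativeLength   = []byte{0x0a, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x01} // length has bit 63 set
	truncatedPayload = []byte{0x0a, 0x05, 'a'}
)

func main() {
	cases := []struct {
		name string
		data []byte
	}{{"valid", validPayload}, {"huge length", hugeLength}, {"negative length", negativeLength}, {"truncated", truncatedPayload}}
	for _, c := range cases {
		for _, checked := range []bool{false, true} {
			n, panicked, err := countFields(c.data, checked)
			fmt.Printf("%-16s checked=%-5v fields=%d panicked=%v err=%v\n", c.name, checked, n, panicked, err)
		}
	}
}
```

The two malformed inputs exercise the two distinct checks: `negativeLength` decodes to a negative length and is caught by `length < 0`, while `hugeLength` decodes to a valid positive MaxInt64 and only the post-addition `idx < 0` check catches the wrapped index. A fuzzer reaches both in a few bytes, which is why a bound check that tests only the upper end is not enough.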
What did you expect to happen?
I expect to validate and handle the “iNdEx” value to prevent program crashes.
How can we reproduce it (as minimally and precisely as possible)?
I attempted to trigger the issue using a unit test, with the following code:
Running the above unit test results in a crash and throws an exception:
If using "data := []byte("qwe123qwe123qwe123qwe1231q2ew123qwe123qwe123qwe1231q2qweqwe")", it returns a reasonable error output:
Anything else we need to know?
No response
Kubernetes version
Cloud provider
OS version
Install tools
Container runtime (CRI) and version (if applicable)
Related plugins (CNI, CSI, ...) and versions (if applicable)