-
Notifications
You must be signed in to change notification settings - Fork 38
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #50 from adamdecaf/validateOptionFLine-crash
validators: fix crash from bounds check
- Loading branch information
Showing
5 changed files
with
91 additions
and
5 deletions.
There are no files selected for viewing
1 change: 1 addition & 0 deletions
1
test/testdata/crashers/02c18143db6134169736037a308d45bfa3a11427
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
{5010}TXID/000000000000000000000000000000 1 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 |
20 changes: 20 additions & 0 deletions
20
test/testdata/crashers/02c18143db6134169736037a308d45bfa3a11427.output
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
panic: runtime error: slice bounds out of range | ||
|
||
goroutine 1 [running]: | ||
github.com/moov-io/wire.(*validator).validateOptionFName(0xc00008a220, 0xc00009402e, 0x1, 0x0, 0x0) | ||
/go/src/github.com/moov-io/wire/validators.go:575 +0x359 | ||
github.com/moov-io/wire.(*OriginatorOptionF).Validate(0xc00008a1c0, 0xc000094000, 0xb5) | ||
/go/src/github.com/moov-io/wire/originatorOptionF.go:136 +0x12d | ||
github.com/moov-io/wire.(*Reader).parseOriginatorOptionF(0xc00003fa70, 0x6, 0x60a801) | ||
/go/src/github.com/moov-io/wire/reader.go:588 +0x250 | ||
github.com/moov-io/wire.(*Reader).parseLine(0xc00003fa70, 0xc000092000, 0xb5) | ||
/go/src/github.com/moov-io/wire/reader.go:175 +0x10e9 | ||
github.com/moov-io/wire.(*Reader).Read(0xc00003fa70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...) | ||
/go/src/github.com/moov-io/wire/reader.go:74 +0x138 | ||
github.com/moov-io/wire/test/fuzz-reader.Fuzz(0x7f1559424000, 0xb5, 0x200000, 0x4) | ||
/go/src/github.com/moov-io/wire/test/fuzz-reader/reader.go:21 +0x193 | ||
go-fuzz-dep.Main(0xc00003ff80, 0x1, 0x1) | ||
/tmp/go-fuzz-build187149637/goroot/src/go-fuzz-dep/main.go:36 +0x1b6 | ||
main.main() | ||
/tmp/go-fuzz-build187149637/gopath/src/github.com/moov-io/wire/test/fuzz-reader/go.fuzz.main/main.go:15 +0x52 | ||
exit status 2 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
// Copyright 2019 The Moov Authors | ||
// Use of this source code is governed by an Apache License | ||
// license that can be found in the LICENSE file. | ||
|
||
package wire | ||
|
||
import ( | ||
"testing" | ||
) | ||
|
||
func TestValidators__validateOptionFName(t *testing.T) { | ||
v := &validator{} | ||
if err := v.validateOptionFName("1/SMITH JOHN"); err != nil { | ||
t.Error(err) | ||
} | ||
if err := v.validateOptionFName("1/"); err == nil { | ||
t.Error("expected error") | ||
} | ||
if err := v.validateOptionFName("1"); err == nil { | ||
t.Error("expected error") | ||
} | ||
if err := v.validateOptionFName(""); err == nil { | ||
t.Error("expected error") | ||
} | ||
if err := v.validateOptionFName(" /"); err == nil { | ||
t.Error("expected error") | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,40 @@ | ||
// Copyright 2019 The Moov Authors | ||
// Use of this source code is governed by an Apache License | ||
// license that can be found in the LICENSE file. | ||
|
||
package wire | ||
|
||
import ( | ||
"fmt" | ||
"os" | ||
"path/filepath" | ||
"strings" | ||
"testing" | ||
) | ||
|
||
// TestWire__ReadCrashers will attempt to parse files which have previously been reported | ||
// as crashing. These files are typically generated via fuzzing, but might also be reported | ||
// by users. | ||
func TestWire__ReadCrashers(t *testing.T) { | ||
root := filepath.Join("test", "testdata", "crashers") | ||
err := filepath.Walk(root, func(path string, info os.FileInfo, err error) error { | ||
if (err != nil && err != filepath.SkipDir) || info == nil || info.IsDir() { | ||
return nil // Ignore SkipDir and directories | ||
} | ||
if strings.HasSuffix(path, ".output") { | ||
return nil // go-fuzz makes these which contain the panic's trace | ||
} | ||
|
||
fd, err := os.Open(path) | ||
if err != nil { | ||
return fmt.Errorf("problem opening %s: %v", path, err) | ||
} | ||
|
||
// Read out test file and ensure we don't panic | ||
NewReader(fd).Read() | ||
return nil | ||
}) | ||
if err != nil { | ||
t.Fatal(err) | ||
} | ||
} |