Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Prevent overflow and panic on large HTTP responses #1351

Merged
merged 1 commit into from Jul 29, 2022
Merged

Prevent overflow and panic on large HTTP responses #1351

merged 1 commit into from Jul 29, 2022

Conversation

lpar
Copy link
Contributor

@lpar lpar commented Jul 28, 2022

The round2 function in http.go didn't check for overflow when converting a uint32 value +1 to an int. As a result, it could return 0 for large values, and hence attempting to handle a large response could result in a panic:

panic: runtime error: slice bounds out of range [:2930135446] with capacity 0

goroutine 36966 [running]:
github.com/valyala/fasthttp.appendBodyFixedSize(0xa1a1f8?, {0xa49b78?, 0x0?, 0x0?}, 0xa49b78?)
	/home/meta/go/pkg/mod/github.com/valyala/fasthttp@v1.38.0/http.go:2166 +0x214
github.com/valyala/fasthttp.readBody(0xa1a140?, 0xc0403869c0?, 0xc02ef77cd0?, {0xa49b78?, 0xc02ef77cd0?, 0x6918e5?})
	/home/meta/go/pkg/mod/github.com/valyala/fasthttp@v1.38.0/http.go:2085 +0x5d
github.com/valyala/fasthttp.(*Response).ReadBody(0xc00060ab60, 0xc0403869c0?, 0x0?)
	/home/meta/go/pkg/mod/github.com/valyala/fasthttp@v1.38.0/http.go:1379 +0x186
github.com/valyala/fasthttp.(*Response).ReadLimitBody(0xc00060ab60, 0x7d7a98?, 0xc03ed69880?)
	/home/meta/go/pkg/mod/github.com/valyala/fasthttp@v1.38.0/http.go:1348 +0xd8
github.com/valyala/fasthttp.(*HostClient).doNonNilReqResp(0xc001c47d40, 0xc000628a80, 0xc00060ab60)
	/home/meta/go/pkg/mod/github.com/valyala/fasthttp@v1.38.0/client.go:1480 +0x570
github.com/valyala/fasthttp.(*HostClient).do(0xc0437abce0?, 0x0?, 0xc00060ab60)
	/home/meta/go/pkg/mod/github.com/valyala/fasthttp@v1.38.0/client.go:1372 +0x79
github.com/valyala/fasthttp.(*HostClient).Do(0xc001c47d40, 0xc000628a80, 0xc0437abce0?)
	/home/meta/go/pkg/mod/github.com/valyala/fasthttp@v1.38.0/client.go:1319 +0x91
github.com/valyala/fasthttp.(*Client).Do(0xc0000dc900, 0xc000628a80, 0x0?)
	/home/meta/go/pkg/mod/github.com/valyala/fasthttp@v1.38.0/client.go:542 +0x59f
github.com/valyala/fasthttp.clientDoDeadline.func1()
	/home/meta/go/pkg/mod/github.com/valyala/fasthttp@v1.38.0/client.go:1245 +0x79
created by github.com/valyala/fasthttp.clientDoDeadline
	/home/meta/go/pkg/mod/github.com/valyala/fasthttp@v1.38.0/client.go:1243 +0x46d

This patch fixes round2 to return a maximum value of math.MaxInt32, which seems to make sense given that the calculation is done using a uint32, and you probably don't want a bigger buffer than that even on 64 bit systems.

@erikdubbelboer erikdubbelboer merged commit 42f83c6 into valyala:master Jul 29, 2022
14 checks passed
@erikdubbelboer
Copy link
Collaborator

Thanks!

bbenzikry pushed a commit to bbenzikry/fasthttp that referenced this pull request Sep 11, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

2 participants