New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
crypto/cipher: StreamReader.Read() panics with slice bounds out of range #16487
Comments
The issue happens because Relevant code here: Line 21 in 0104a31
A simple fix would be: func (r StreamReader) Read(dst []byte) (n int, err error) {
n, err = r.R.Read(dst)
if n <= 0 { return }
r.S.XORKeyStream(dst[:n], dst[:n])
return
} |
Can an io.Reader return negative n with error?
I think such a misbehaving Reader will cause panics in
a lot of places (e.g. io/ioutil.ReadAll).
|
@minux It can happen, for example with |
According to docs of io.Reader: https://golang.org/pkg/io/#Reader
"It returns the number of bytes read (0 <= n <= len(p)) and any error
encountered."
I think this is working as intended. Read can only return non-negative n.
|
Yeah, there's nothing to fix here. -1 is not a valid return value from an io.Reader, which has a different contract from the syscall package. Normally when a function returns a value and an error, the value is ignored if the error is non-nil, but io.Reader specifically says that both the integer and error are used. As @minux pointed out, it's documented as needing to be >= 0. |
Please answer these questions before submitting your issue. Thanks!
What version of Go are you using (
go version
)?1.6.3
What operating system and processor architecture are you using (
go env
)?darwin/amd64
What did you do?
If possible, provide a recipe for reproducing the error.
A complete runnable program is good.
A link on play.golang.org is best.
https://play.golang.org/p/K9hAxbE5fL
What did you expect to see?
It should not panic.
What did you see instead?
panic: runtime error: slice bounds out of range
The text was updated successfully, but these errors were encountered: