New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
io: LimitReader increases limit with negative Read count #22214
Comments
If I'm relying on
|
In #22097, I mentioned that this is a slippery slope and I'm hesitant to add further checks unless we consciously make a decision that we want all functions that take in an Adding the checks to There are several broader question at hand:
Given the large scope creep that adding these checks will cause, I'm hesitant to penalize all users of |
I don't even know what |
If your code base is encountering a number of invalid implementations of Even better, for all the implementations of |
I'm going to decline this issue. We are not going to add checks in the standard library for all possible erroneous behavior by |
What do you think, should we add those checkers to io package? |
Those types should not be added to Given the simplicity of the code, it's not bad maintaining it yourself. I don't see a strong need for it to be in the standard library. |
@dsnet thank you for explanation |
What version of Go are you using (
go version
)?go version go1.8.3 linux/amd64
Does this issue reproduce with the latest release?
yes
What operating system and processor architecture are you using (
go env
)?GOARCH="amd64"
GOEXE=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOOS="linux"
GORACE=""
GOROOT="/usr/lib/go-1.8"
GOTOOLDIR="/usr/lib/go-1.8/pkg/tool/linux_amd64"
GCCGO="gccgo"
CC="gcc"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build916457943=/tmp/go-build -gno-record-gcc-switches"
CXX="g++"
CGO_ENABLED="1"
PKG_CONFIG="pkg-config"
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
What did you do?
There is a potential bug in
io.LimitReader
in case of badio.Reader
implementation that returns negative read bytes. In that case variableN
inio.LimitReader
increase ( but it should decrease ). In the end it reads more bytes than has to.This is not critical bug, but in some cases it might be quite seriously, even despite bad implementation of
io.Reader
.Here is a demo of the bug: https://play.golang.org/p/2PYFi7J0CR
I think it would be reasonable to check read bytes before
N
decreasing, and doreturn
in case of negative reading without decreasingWhat did you expect to see?
I want to read 8 bytes
What did you see instead?
I receive 9 bytes.
ping @dsnet
The text was updated successfully, but these errors were encountered: