encoding/json: slice out of bounds decoder crash found via fuzzing #33728
Comments
Manually minified repro case, which errors on 1.12.8, but panics on master (1.13): https://play.golang.org/p/MRohOdk3uIt
@mvdan it panics for me both with go1.12.8 and master, but for a different reason. go1.12.8 gives
That's just an error; see my
Change https://golang.org/cl/190659 mentions this issue:
Change https://golang.org/cl/190909 mentions this issue:
I'll copy @FiloSottile's comment from https://go-review.googlesource.com/c/go/+/190909/1#message-40010dc222e17a86edce656aa3c589f8c5adb95a here:
All that's left is to select which CL to go with, but we need to do that for 1.13 to avoid shipping a regression in behavior. This is a release blocker, but it shouldn't cause much extra delay because the fixes are ready.
Up to you :) I just really, really hope that the release goes out soon.
when is soon? :)
This reverts CL 151157.

CL 151157 introduced a crash when decoding into ",string" fields. It came with a moderate speedup, so at this stage of the release cycle let's just revert it, and reapply it in Go 1.14 with the fix in CL 190659.

Also applied the test cases from CL 190659.

Updates #33728

Change-Id: Ie46e2bc15224b251888580daf6b79d5865f3878e
Reviewed-on: https://go-review.googlesource.com/c/go/+/190909
Run-TryBot: Andrew Bonventre <andybons@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Andrew Bonventre <andybons@golang.org>
Revert was landed. Closing.
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16500
Filing this issue to track it. I'll update the thread once I have a reproducer.
This is a bug introduced in 1.13, but given how late the release already is, I don't want to mark this as a release blocker. We can easily backport a fix for 1.13.1 if necessary.
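As an added regression check (not code from the Go project or from this thread), the block below decodes into `,string` fields and confirms that malformed input of the kind a fuzzer produces is rejected with an error rather than a panic; the `Record` type and the sample inputs are constructed for this example.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Record uses ",string": JSON values are strings holding a number or bool, e.g. {"count":"42"}.
type Record struct {
	Count int     `json:"count,string"`
	Ratio float64 `json:"ratio,string"`
	Flag  bool    `json:"flag,string"`
}

// decodeSafely runs json.Unmarshal and converts a panic into an error, so a
// decoder crash on hostile input is reported instead of killing the process.
func decodeSafely(data []byte) (rec Record, err error, panicked bool) {
	defer func() {
		if r := recover(); r != nil {
			panicked, err = true, fmt.Errorf("decoder panicked: %v", r)
		}
	}()
	err = json.Unmarshal(data, &rec)
	return rec, err, panicked
}

// malformedInputs are constructed samples of what a fuzzer feeds the decoder: wrong
// JSON type, empty quoted value, non-numeric text, nested quotes, truncated input.
var malformedInputs = []string{
	`{"count":42}`, `{"count":""}`, `{"count":"4x"}`, `{"count":"\"7\""}`,
	`{"ratio":"1e"}`, `{"flag":"yes"}`, `{"count":"1`,
}

// checkNoPanic reports how many inputs were rejected with an error and whether any panicked.
func checkNoPanic(inputs []string) (rejected int, anyPanic bool) {
	for _, in := range inputs {
		_, err, p := decodeSafely([]byte(in))
		anyPanic = anyPanic || p
		if err != nil {
			rejected++
		}
	}
	return rejected, anyPanic
}

func main() {
	n, p := checkNoPanic(malformedInputs)
	fmt.Printf("%d/%d malformed inputs rejected, panicked=%v\n", n, len(malformedInputs), p)
}
```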