New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
encoding/asn1: error instead of panic on invalid value to Unmarshal #41509
Comments
Change https://golang.org/cl/255881 mentions this issue: |
Seems like a reasonable change. This would only break code that relied on a panic happening to prevent brokenness, which seems less than ideal in the first place. Is there a precedent for holding up changes that fix this kind of behavior (there is a similar issue in crypto/x509 as well). |
It seems to me that a panic can only be triggered by passing a bogus second argument to Unmarshal. That's a programmer error and thus should panic. It cannot happen with correct code, so I don't see what's unpredictable about it. Now, if you noticed a panic that can be triggered by passing a garbage first argument, things would be entirely different: the encoded data may have been received over the network or otherwise originated outside your program and should not be able to cause a panic. |
@slrz Since humans can make mistakes at any time, I think all programmer errors should be reported at compile time or handled gracefully. But, this function cannot report invalid argument at compile time, so it should provide a way to handle error gracefully. I think panic is not that graceful, and current panic message is also not informative at all. |
Especially in packages that are exposed to outside data, the least we panic the better. Behavior when the library is misused is not covered by the compatibility promise, so I don't think this needs a proposal. |
@FiloSottile |
No need, the issue will get closed as fixed automatically when the CL is merged. |
Change https://golang.org/cl/267057 mentions this issue: |
For #41509 Change-Id: Ie761c428710d15848cb80ffd2d85de747113f2d4 GitHub-Last-Rev: 0554162 GitHub-Pull-Request: #42315 Reviewed-on: https://go-review.googlesource.com/c/go/+/267057 Trust: Dmitri Shuralyov <dmitshur@golang.org> Reviewed-by: Ian Lance Taylor <iant@golang.org>
Most packages for encoding return an error when decoding(or unamrshaling) fails due to an invalid argument.
But sadly, the
encoding/asn1
panics instead of returning an error, and I think it's pretty dangerous because it is unpredictable and fragile.So, I propose that
asn1.Unmarshal
should return an error on invalid argument.Since this proposal can make breaking changes, I'm not sure if this poposal comply to the go 1 compatibility promise. However, even if this proposal is not accepted, it may be worth mentioning that 'a panic can occur during unmarshaling' in the
encoding/asn1
document.PR
PR for this proposal: #41485
In this PR, the
asn1.Unmarshal
verifies that argument is non-nil pointer. And if it isn't,asn1.Unmarshal
will return a new errorInvalidUnmarshalError
likeencoding/json
.Examples
https://play.golang.org/p/7ChlnCY_ioI
The text was updated successfully, but these errors were encountered: