Skip to content

x/text: panic in language.ParseAcceptLanguage while processing bcp47 tag #42536

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
ph1048 opened this issue Nov 12, 2020 · 8 comments
Closed

x/text: panic in language.ParseAcceptLanguage while processing bcp47 tag #42536

ph1048 opened this issue Nov 12, 2020 · 8 comments
Labels
FrozenDueToAge NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Milestone
Unreleased

Comments

@ph1048
Copy link

ph1048 commented Nov 12, 2020

What version of Go are you using (go version)?

$ go version
go version go1.15.4 linux/amd64

Does this issue reproduce with the latest release?

What operating system and processor architecture are you using (go env)?

go env Output
$ go env
GO111MODULE=""
GOARCH="amd64"
GOBIN=""
GOCACHE="/home/sasha/.cache/go-build"
GOENV="/home/sasha/.config/go/env"
GOEXE=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOINSECURE=""
GOMODCACHE="/home/sasha/goenv/pkg/mod"
GONOPROXY=""
GONOSUMDB=""
GOOS="linux"
GOPATH="/home/sasha/goenv"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/usr/local/go"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/usr/local/go/pkg/tool/linux_amd64"
GCCGO="gccgo"
AR="ar"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD=""
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build111267796=/tmp/go-build -gno-record-gcc-switches"
GOROOT/bin/go version: go version go1.15.4 linux/amd64
GOROOT/bin/go tool compile -V: compile version go1.15.4
uname -sr: Linux 4.19.128-microsoft-standard
Distributor ID:	Kali
Description:	Kali GNU/Linux Rolling
Release:	2020.2
Codename:	kali-rolling
/lib/x86_64-linux-gnu/libc.so.6: GNU C Library (Debian GLIBC 2.31-3) stable release version 2.31.
gdb --version: GNU gdb (Debian 9.2-1) 9.2

What did you do?

https://play.golang.org/p/SwAU9tKYRsj

What did you expect to see?

Error via return value

What did you see instead?

panic: runtime error: slice bounds out of range [9:8]

goroutine 1 [running]:
golang.org/x/text/internal/language.(*scanner).resizeRange(0xc000068d08, 0x6, 0x8, 0x3)
	/tmp/gopath300097471/pkg/mod/golang.org/x/text@v0.3.4/internal/language/parse.go:142 +0x2e7
golang.org/x/text/internal/language.(*scanner).replace(...)
	/tmp/gopath300097471/pkg/mod/golang.org/x/text@v0.3.4/internal/language/parse.go:151
golang.org/x/text/internal/language.parseTag(0xc000068d08, 0x0, 0x0, 0x0, 0xc00007e0a3)
	/tmp/gopath300097471/pkg/mod/golang.org/x/text@v0.3.4/internal/language/parse.go:296 +0x13b
golang.org/x/text/internal/language.parseExtension(0xc000068d08, 0x8)
	/tmp/gopath300097471/pkg/mod/golang.org/x/text@v0.3.4/internal/language/parse.go:552 +0xe74
golang.org/x/text/internal/language.parseExtensions(0xc000068d08, 0x3030000000000)
	/tmp/gopath300097471/pkg/mod/golang.org/x/text@v0.3.4/internal/language/parse.go:451 +0xa5
golang.org/x/text/internal/language.parse(0xc000068d08, 0x4d9210, 0x7, 0x3030000000000, 0x0, 0x0, 0x0, 0x0)
	/tmp/gopath300097471/pkg/mod/golang.org/x/text@v0.3.4/internal/language/parse.go:268 +0x2bc
golang.org/x/text/internal/language.Parse(0x4d9210, 0x7, 0x0, 0x0, 0x0, 0x4b1185, 0x4d9210)
	/tmp/gopath300097471/pkg/mod/golang.org/x/text@v0.3.4/internal/language/parse.go:250 +0x1c7
golang.org/x/text/language.CanonType.Parse(0x17, 0x4d9210, 0x7, 0x4d9210, 0x7, 0x0, 0x0, 0x3fc0389239a6386c)
	/tmp/gopath300097471/pkg/mod/golang.org/x/text@v0.3.4/language/parse.go:46 +0x3f
golang.org/x/text/language.Parse(...)
	/tmp/gopath300097471/pkg/mod/golang.org/x/text@v0.3.4/language/parse.go:34
golang.org/x/text/language.ParseAcceptLanguage(0x4d9210, 0x7, 0xc000068f48, 0x442bca, 0x56ed40, 0xc000032778, 0xc000068f78, 0x405e25, 0xc00005e058, 0x0)
	/tmp/gopath300097471/pkg/mod/golang.org/x/text@v0.3.4/language/parse.go:154 +0x165
main.main()
	/tmp/sandbox168582112/prog.go:10   ##+0x3a
@odeke-em odeke-em changed the title text/language: panic in language.ParseAcceptLanguage while processing bcp47 tag x/text: panic in language.ParseAcceptLanguage while processing bcp47 tag Nov 12, 2020
@gopherbot gopherbot added this to the Unreleased milestone Nov 12, 2020
@odeke-em
Copy link
Member

Thank you for this report @ph1048! Kindly paging @mpvl

@odeke-em odeke-em added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label Nov 12, 2020
@mengzhuo
Copy link
Contributor

Hmm...Gobot not working

https://go-review.googlesource.com/c/text/+/270697

@odeke-em
Copy link
Member

@mengzhuo thanks for mailing the fix! To get gobot to attach to the proper issue, for any repo that isn’t the main Go repository, please use this format:
Fixes golang/go#NNNN

@gopherbot
Copy link
Contributor

Change https://golang.org/cl/270697 mentions this issue: internal/language: fix resizeRange index wrong way

@mengzhuo
Copy link
Contributor

@odeke-em it works, thanks for the info.

@carnil
Copy link

carnil commented Jan 2, 2021

CVE-2020-28852 appears to have been assigned for this issue.

@andyedwardsibm
Copy link

It looks like the fix isn't in a "released" version yet (https://github.com/golang/text/releases/tag/v0.3.4 looks like the latest release and that's from before the fix went in). Is that accurate? How do I get the fixed code?

@rsc
Copy link
Contributor

rsc commented Jan 8, 2021

This is fixed in the just-released v0.3.5. Sorry for the delayed tagging.

@dvasilen dvasilen mentioned this issue Jan 21, 2021
Closed
@sfowl sfowl mentioned this issue Jan 29, 2021
Closed
@sfowl sfowl mentioned this issue Feb 17, 2021
Merged
@RaduBerinde RaduBerinde mentioned this issue Apr 20, 2021
Closed
@dims dims mentioned this issue May 28, 2021
Merged
ncopa added a commit to ncopa/k0s that referenced this issue Oct 28, 2021
@ncopa
Lock golang.org/x/text to v0.3.6 in go.mod (CVE-2020-28852)
abfa8b4 
golang/go#42536

Signed-off-by: Natanael Copa <ncopa@mirantis.com>
ncopa added a commit to ncopa/k0s that referenced this issue Oct 28, 2021
@ncopa
Lock golang.org/x/text to v0.3.6 in go.mod (CVE-2020-28852)
7b0793d 
golang/go#42536

Signed-off-by: Natanael Copa <ncopa@mirantis.com>
ncopa added a commit to ncopa/k0s that referenced this issue Oct 28, 2021
@ncopa
Lock golang.org/x/text to v0.3.6 in go.mod (CVE-2020-28852)
ac41ead 
golang/go#42536

Signed-off-by: Natanael Copa <ncopa@mirantis.com>
ncopa added a commit to ncopa/k0s that referenced this issue Oct 28, 2021
@ncopa
Lock golang.org/x/text to v0.3.6 in go.mod (CVE-2020-28852)
7284218 
golang/go#42536

Signed-off-by: Natanael Copa <ncopa@mirantis.com>
ncopa added a commit to ncopa/k0s that referenced this issue Oct 28, 2021
@ncopa
Lock golang.org/x/text to v0.3.6 in go.mod (CVE-2020-28852)
01246ac 
golang/go#42536

Signed-off-by: Natanael Copa <ncopa@mirantis.com>
@golang golang locked and limited conversation to collaborators Jan 8, 2022
xhit pushed a commit to xhit/text that referenced this issue Oct 10, 2022
@mengzhuo @xhit
internal/language: fix resizeRange index wrong way

Verified

This commit was signed with the committer’s verified signature.
xhit Santiago De la Cruz
GPG key ID: 40A6C44C770472AF
Verified
Learn about vigilant mode
33ac990 
Fixes golang/go#42536

Change-Id: I572cdbb26d320c4d9a972d555ddc6427ce1f0348
Reviewed-on: https://go-review.googlesource.com/c/text/+/270697
Run-TryBot: Meng Zhuo <mzh@golangcn.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Marcel van Lohuizen <mpvl@golang.org>
Trust: Meng Zhuo <mzh@golangcn.org>
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Projects
None yet
Milestone
Unreleased
Development

No branches or pull requests
7 participants
@rsc @carnil @mengzhuo @andyedwardsibm @odeke-em @ph1048 @gopherbot