encoding/gob: Platform-dependent int/uint size not decoding/transmitting correctly data when GOARCH mismatched #53366

Closed
ghost opened this issue Jun 14, 2022 · 4 comments

Comments


ghost commented Jun 14, 2022

What version of Go are you using (go version)?

$ go version
go version go1.18.3 linux/amd64

Does this issue reproduce with the latest release?

Yes

What operating system and processor architecture are you using (go env)?

I'm using Microsoft Windows WSL2/Ubuntu

go env Output
$ go env
GO111MODULE=""
GOARCH="amd64"
GOBIN=""
GOCACHE="/home/alevykh/.cache/go-build"
GOENV="/home/alevykh/.config/go/env"
GOEXE=""
GOEXPERIMENT=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOINSECURE=""
GOMODCACHE="/home/alevykh/go/pkg/mod"
GONOPROXY=""
GONOSUMDB=""
GOOS="linux"
GOPATH="/home/alevykh/go"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/usr/local/go"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/usr/local/go/pkg/tool/linux_amd64"
GOVCS=""
GOVERSION="go1.18.3"
GCCGO="gccgo"
GOAMD64="v1"
AR="ar"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD="/dev/null"
GOWORK=""
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build3699593805=/tmp/go-build -gno-record-gcc-switches"

What did you do?

Examples:
Server GOARCH=386
Client GOARCH=amd64

What did you expect to see?

4294967295+21=4294967316
Or overflow/out-of-range error

What did you see instead?

4294967295+21=20

Member

Jorropo commented Jun 14, 2022

The spec gives well-defined overflow behaviour: it rolls over following two's complement modulus arithmetic.
It does not panic.

4294967295+21 = 20 is correct because there is an implicit modulus 2 power 32 (or 64 on 64-bit arch) on all 32-bit operations.

The spec also allows ints and uints to vary in size.

This code does exactly what it is supposed to do. You should use uint64, safe math or big math libraries.

@seankhliao
Member

This has nothing to do with gob, unsigned ints are defined to wrap when they overflow.

closing as there is no bug

seankhliao closed this as not planned Jun 14, 2022
Author

ghost commented Jun 14, 2022

> The spec gives well-defined overflow behavior: it rolls over following two's complement modulus arithmetic. It does not panic.

@seankhliao @Jorropo
I agree.
But the client doesn't know which GOARCH is used on the server. With heavy math calculations the client WILL TRUST any responses from the server.
encoding/gob as default binary transporter between client-server MUST check architecture client/server before request/response.

Member

Jorropo commented Jun 14, 2022

@AlekseiLevykh it isn't a secure remote execution context.

The remote server can answer with whatever it wants anyway.

> encoding/gob as default binary transporter between client-server MUST check architecture client/server before request/response.

I disagree, you should use uint when you don't care about its size.

Here it seems you care about the size, just use uint64 then.

I would agree that a linter warning about using uint or int in gobiable structs would be nice, (I mean a third party one, not gofmt nor govet), but I don't think this is worth checking at runtime.
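The distinction drawn in this thread, as an added example (not code from the issue or from the Go project): the sum wraps in arithmetic on the 32-bit side before gob sees it, gob's decoder does reject a value that cannot fit the destination field, and a reflection check can flag platform-sized fields in a struct. All type and function names are constructed for illustration, and `uint32` stands in for `uint` on GOARCH=386.

```go
package main

import (
	"bytes"
	"encoding/gob"
	"fmt"
	"reflect"
)

// Constructed message types: Wire64 is a sender with a fixed-width field,
// Wire32 models a receiver whose field is 32 bits wide (uint on GOARCH=386).
type Wire64 struct{ N uint64 }
type Wire32 struct{ N uint32 }

// Reply is a constructed struct mixing platform-sized and fixed-width fields.
type Reply struct { Sum uint; Count int; Total uint64 }

// add32 models uint addition on a 32-bit build: the result wraps modulo 2^32
// before it is ever handed to gob.
func add32(a, b uint32) uint32 { return a + b }

// roundTrip gob-encodes v as a uint64 field and decodes it into a uint32 field.
func roundTrip(v uint64) (uint32, error) {
	var buf bytes.Buffer
	if err := gob.NewEncoder(&buf).Encode(Wire64{N: v}); err != nil {
		return 0, err
	}
	var out Wire32
	err := gob.NewDecoder(&buf).Decode(&out)
	return out.N, err
}

// platformSized lists the fields of struct v whose width depends on GOARCH.
func platformSized(v interface{}) []string {
	var names []string
	t := reflect.TypeOf(v)
	for i := 0; i < t.NumField(); i++ {
		switch t.Field(i).Type.Kind() {
		case reflect.Int, reflect.Uint, reflect.Uintptr:
			names = append(names, t.Field(i).Name)
		}
	}
	return names
}

func main() {
	_, err := roundTrip(4294967295 + 21)
	fmt.Println(add32(4294967295, 21), err, platformSized(Reply{}))
}
```

A receiver can only detect the mismatch when the oversized value actually reaches the wire; a sum that already wrapped on the sender arrives as an ordinary in-range number.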

@golang golang locked and limited conversation to collaborators Jun 14, 2023