Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

x/image/font/plan9font: slice bounds out of range #56931

Closed
catenacyber opened this issue Nov 24, 2022 · 3 comments
Closed

x/image/font/plan9font: slice bounds out of range #56931

catenacyber opened this issue Nov 24, 2022 · 3 comments
Labels
FrozenDueToAge NeedsFix The path to resolution is known, but the work has not been done.
Milestone
Unreleased

Comments

@catenacyber
Copy link
Contributor

What version of Go are you using (go version)?

$ go version
go version go1.19 linux/amd64

Does this issue reproduce with the latest release?

Yes

What operating system and processor architecture are you using (go env)?

go env Output
$ go env
GO111MODULE=""
GOARCH="amd64"
GOBIN=""
GOCACHE="/root/.cache/go-build"
GOENV="/root/.config/go/env"
GOEXE=""
GOEXPERIMENT=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOINSECURE=""
GOMODCACHE="/root/go/pkg/mod"
GONOPROXY=""
GONOSUMDB=""
GOOS="linux"
GOPATH="/root/go"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/root/.go"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/root/.go/pkg/tool/linux_amd64"
GOVCS=""
GOVERSION="go1.19"
GCCGO="gccgo"
GOAMD64="v1"
AR="ar"
CC="clang"
CXX="clang++"
CGO_ENABLED="1"
GOMOD="/src/ngolo-fuzzing/go.mod"
GOWORK=""
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fno-caret-diagnostics -Qunused-arguments -Wl,--no-gc-sections -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build2481516251=/tmp/go-build -gno-record-gcc-switches"

What did you do?

Run https://go.dev/play/p/79a_SlnK9GT?v=gotip

What did you expect to see?

The program finishing and printing Hello

What did you see instead?

panic: runtime error: slice bounds out of range [:-3560154814085769899]

goroutine 1 [running]:
golang.org/x/image/font/plan9font.parseImage({0xc000074eb7, 0xa9, 0xa9})
	/tmp/gopath4079062285/pkg/mod/golang.org/x/image@v0.1.0/font/plan9font/plan9font.go:482 +0x7f8
golang.org/x/image/font/plan9font.ParseSubfont({0xc000074eb7?, 0x1?, 0x405b8a?}, 0x0)
	/tmp/gopath4079062285/pkg/mod/golang.org/x/image@v0.1.0/font/plan9font/plan9font.go:322 +0x3a
main.main()
	/tmp/sandbox1860579726/prog.go:12 +0x150

Program exited.

Found by https://github.com/catenacyber/ngolo-fuzzing with oss-fuzz :
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53718
@seankhliao seankhliao changed the title golang.org/x/image/font/plan9font: slice bounds out of range x/image/font/plan9font: slice bounds out of range Nov 24, 2022
@gopherbot gopherbot added this to the Unreleased milestone Nov 24, 2022
@cherrymui cherrymui added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label Nov 28, 2022
@cherrymui
Copy link
Member

cc @nigeltao

@catenacyber
Copy link
Contributor Author

Other sample may be
plan9font.ParseSubfont([]byte{0x63, 0x6f, 0x6d, 0x70, 0x72, 0x65, 0x73, 0x73, 0x65, 0x64, 0xa, 0x20, 0x20, 0x6b, 0x31, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x66, 0x69, 0x72, 0x73, 0x74, 0x52, 0x73, 0x73, 0x65, 0x64, 0x9a, 0xdf, 0xdf, 0xdf, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x33, 0x33, 0x33, 0x33, 0x23, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x20, 0x20, 0x20, 0x20, 0x20, 0x66, 0x69, 0x72, 0x75, 0x6e, 0x65, 0x20, 0x20, 0x20, 0x31, 0x65}, '\x7f')

@gopherbot
Copy link

Change https://go.dev/cl/456195 mentions this issue: font/plan9font: fix bounds overflow

@dmitshur dmitshur added NeedsFix The path to resolution is known, but the work has not been done. and removed NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. labels Dec 9, 2022
@catenacyber catenacyber mentioned this issue Dec 12, 2022
Closed
@golang golang locked and limited conversation to collaborators Dec 9, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge NeedsFix The path to resolution is known, but the work has not been done.
Projects
None yet
Milestone
Unreleased
Development

No branches or pull requests
4 participants
@dmitshur @gopherbot @cherrymui @catenacyber