x/image/font/plan9font: slice bounds out of range again #57258

Closed
catenacyber opened this issue Dec 12, 2022 · 3 comments
Labels
FrozenDueToAge NeedsFix The path to resolution is known, but the work has not been done.
@catenacyber

What version of Go are you using (go version)?

$ go version
go version go1.19 linux/amd64

Does this issue reproduce with the latest release?

Yes

What operating system and processor architecture are you using (go env)?

go env Output
$ go env
GO111MODULE=""
GOARCH="amd64"
GOBIN=""
GOCACHE="/root/.cache/go-build"
GOENV="/root/.config/go/env"
GOEXE=""
GOEXPERIMENT=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOINSECURE=""
GOMODCACHE="/root/go/pkg/mod"
GONOPROXY=""
GONOSUMDB=""
GOOS="linux"
GOPATH="/root/go"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/root/.go"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/root/.go/pkg/tool/linux_amd64"
GOVCS=""
GOVERSION="go1.19"
GCCGO="gccgo"
GOAMD64="v1"
AR="ar"
CC="clang"
CXX="clang++"
CGO_ENABLED="1"
GOMOD="/src/ngolo-fuzzing/go.mod"
GOWORK=""
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fno-caret-diagnostics -Qunused-arguments -Wl,--no-gc-sections -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build2481516251=/tmp/go-build -gno-record-gcc-switches"

What did you do?

Run https://go.dev/play/p/QLmvnEMNep8?v=gotip

What did you expect to see?

The program finishing and printing Hello

What did you see instead?

panic: runtime error: index out of range [78] with length 39

goroutine 1 [running]:
golang.org/x/image/font/plan9font.decompress(0xc000074f0f?, {{0x30?, 0x51?}, {0x7fce6be82648?, 0x423680?}}, {0xc000074f57?, 0x9, 0xc000040578?})
	/tmp/gopath2421614365/pkg/mod/golang.org/x/image@v0.2.0/font/plan9font/plan9font.go:572 +0x4b0
golang.org/x/image/font/plan9font.parseImage({0xc000074ef8, 0x68, 0x68})
	/tmp/gopath2421614365/pkg/mod/golang.org/x/image@v0.2.0/font/plan9font/plan9font.go:493 +0x5e5
golang.org/x/image/font/plan9font.ParseSubfont({0xc000074ef8?, 0x7fce6be77108?, 0xc000062011?}, 0x20)
	/tmp/gopath2421614365/pkg/mod/golang.org/x/image@v0.2.0/font/plan9font/plan9font.go:322 +0x3a
main.main()
	/tmp/sandbox3391557176/prog.go:12 +0x133

Program exited.

Found by https://github.com/catenacyber/ngolo-fuzzing with oss-fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54236

cc @nigeltao cf #56931

@gopherbot gopherbot added this to the Unreleased milestone Dec 12, 2022
@catenacyber

Also getting out of memory with https://go.dev/play/p/08U5XZ6yM4z?v=gotip or https://go.dev/play/p/JDeJv_SfEYn?v=gotip, by the way.

@thanm thanm added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label Dec 12, 2022
@gopherbot

Change https://go.dev/cl/458035 mentions this issue: font/plan9font: fix byteoffset for non-zero origin

gopherbot pushed a commit to golang/image that referenced this issue Dec 16, 2022
Updates golang/go#57258

Change-Id: I4c7305c8e61f2d2cc0227c0daf0b003bbc466497
Reviewed-on: https://go-review.googlesource.com/c/image/+/458035
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Run-TryBot: Nigel Tao <nigeltao@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Nigel Tao (INACTIVE; USE @golang.org INSTEAD) <nigeltao@google.com>
@gopherbot

Change https://go.dev/cl/458095 mentions this issue: font/plan9font: limit the font image's dimensions

@dmitshur dmitshur added NeedsFix The path to resolution is known, but the work has not been done. and removed NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. labels Dec 16, 2022
@golang golang locked and limited conversation to collaborators Dec 19, 2023
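
For callers that pass untrusted bytes to `plan9font.ParseSubfont` on a release without the two changes referenced above, one mitigation is to validate the image header's dimensions first and convert any parser panic into an error. This is an added example, not code from the issue or from golang.org/x/image; it assumes the Plan 9 image(6) header layout, and `checkHeader`, `guard`, `sampleHeader` and the `maxPixels` cap are hypothetical names and values chosen here. `recover` cannot stop the out-of-memory crashes reported in the thread, which is why the dimension check runs before the parser.

```go
package main

import (
	"bytes"
	"fmt"
	"strconv"
)

const maxPixels = 1 << 24 // assumed cap for this example, not the CL's limit

// checkHeader validates a Plan 9 image header before anything is allocated:
// five 12-byte blank-padded fields after an optional "compressed\n" prefix.
func checkHeader(data []byte) error {
	data = bytes.TrimPrefix(data, []byte("compressed\n"))
	if len(data) < 5*12 {
		return fmt.Errorf("short header: %d bytes", len(data))
	}
	var r [4]int64 // min.x, min.y, max.x, max.y (field 0 is the channel string)
	for i := range r {
		v, err := strconv.ParseInt(string(bytes.TrimSpace(data[12*(i+1):12*(i+2)])), 10, 32)
		if err != nil {
			return fmt.Errorf("bad rectangle field %d: %w", i, err)
		}
		r[i] = v
	}
	if w, h := r[2]-r[0], r[3]-r[1]; w <= 0 || h <= 0 || w > maxPixels/h {
		return fmt.Errorf("rejected dimensions %dx%d", w, h)
	}
	return nil
}

// guard runs parse only if the header passes, and turns a parser panic into an error.
func guard(data []byte, parse func([]byte) error) (err error) {
	defer func() {
		if p := recover(); p != nil {
			err = fmt.Errorf("parser panic: %v", p)
		}
	}()
	if err = checkHeader(data); err != nil {
		return err
	}
	return parse(data)
}

func sampleHeader(minX, minY, maxX, maxY int) []byte { // constructed input, not a captured font
	return []byte(fmt.Sprintf("%11s %11d %11d %11d %11d ", "k8", minX, minY, maxX, maxY))
}

func main() {
	fmt.Println(checkHeader(sampleHeader(0, 0, 16, 16)), checkHeader(sampleHeader(0, 0, 1<<30, 1<<30)))
}
```

In real use the `parse` argument would be a closure around `plan9font.ParseSubfont(data, firstRune)` that discards the returned face or stores it elsewhere.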