Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

go/parser: infinite loop in parsing (CVE-2023-24537) [1.19 backport] #59273

Closed
gopherbot opened this issue Mar 27, 2023 · 3 comments
Closed

go/parser: infinite loop in parsing (CVE-2023-24537) [1.19 backport] #59273

gopherbot opened this issue Mar 27, 2023 · 3 comments
Labels
CherryPickApproved Used during the release process for point releases FrozenDueToAge Security
Milestone
Go1.19.8

Comments

@gopherbot
Copy link
Contributor

@julieqiu requested issue #59180 to be considered for backport to the next 1.19 minor release.

@gopherbot please open backport issues.
@gopherbot gopherbot added the CherryPickCandidate Used during the release process for point releases label Mar 27, 2023
@gopherbot gopherbot mentioned this issue Mar 27, 2023
Closed
@gopherbot gopherbot added this to the Go1.19.8 milestone Mar 27, 2023
@gopherbot
Copy link
Contributor Author

Change https://go.dev/cl/481980 mentions this issue: [release-branch.go1.19] go/scanner: reject large line and column numbers in //line directives

@gopherbot
Copy link
Contributor Author

Change https://go.dev/cl/481986 mentions this issue: [release-branch.go1.19] go/scanner: reject large line and column numbers in //line directives

@gopherbot
Copy link
Contributor Author

Closed by merging 126a1d0 to release-branch.go1.19.

gopherbot pushed a commit that referenced this issue Apr 4, 2023
@neild @gopherbot
[release-branch.go1.19] go/scanner: reject large line and column numb…

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode
126a1d0 
…ers in //line directives

Setting a large line or column number using a //line directive can cause
integer overflow even in small source files.

Limit line and column numbers in //line directives to 2^30-1, which
is small enough to avoid int32 overflow on all reasonbly-sized files.

Fixes CVE-2023-24537
Fixes #59273
For #59180

Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1802456
Reviewed-by: Julie Qiu <julieqiu@google.com>
Reviewed-by: Roland Shoemaker <bracewell@google.com>
Run-TryBot: Damien Neil <dneil@google.com>
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1802611
Reviewed-by: Damien Neil <dneil@google.com>
Change-Id: Ifdfa192d54f722d781a4d8c5f35b5fb72d122168
Reviewed-on: https://go-review.googlesource.com/c/go/+/481986
Reviewed-by: Matthew Dempsky <mdempsky@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Michael Knyszek <mknyszek@google.com>
Auto-Submit: Michael Knyszek <mknyszek@google.com>
@mknyszek mknyszek changed the title security: fix CVE-2023-24537 [1.19 backport] go/parser: infinite loop in parsing (CVE-2023-24537) [1.19 backport] Apr 4, 2023
@mknyszek mknyszek added the CherryPickApproved Used during the release process for point releases label Apr 4, 2023
@gopherbot gopherbot removed the CherryPickCandidate Used during the release process for point releases label Apr 4, 2023
@gantrior gantrior mentioned this issue Apr 27, 2023
Merged
@golang golang locked and limited conversation to collaborators Apr 3, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
CherryPickApproved Used during the release process for point releases FrozenDueToAge Security
Projects
None yet
Milestone
Go1.19.8
Development

No branches or pull requests
3 participants
@mknyszek @dmitshur @gopherbot