What version of Go are you using (go version)?

    $ go version
    go version go1.19 linux/amd64

Does this issue reproduce with the latest release?

Yes

What operating system and processor architecture are you using (go env)?

    $ go env
    GO111MODULE=""
    GOARCH="amd64"
    GOBIN=""
    GOCACHE="/root/.cache/go-build"
    GOENV="/root/.config/go/env"
    GOEXE=""
    GOEXPERIMENT=""
    GOFLAGS=""
    GOHOSTARCH="amd64"
    GOHOSTOS="linux"
    GOINSECURE=""
    GOMODCACHE="/root/go/pkg/mod"
    GONOPROXY=""
    GONOSUMDB=""
    GOOS="linux"
    GOPATH="/root/go"
    GOPRIVATE=""
    GOPROXY="https://proxy.golang.org,direct"
    GOROOT="/root/.go"
    GOSUMDB="sum.golang.org"
    GOTMPDIR=""
    GOTOOLDIR="/root/.go/pkg/tool/linux_amd64"
    GOVCS=""
    GOVERSION="go1.19"
    GCCGO="gccgo"
    GOAMD64="v1"
    AR="ar"
    CC="clang"
    CXX="clang++"
    CGO_ENABLED="1"
    GOMOD="/src/ngolo-fuzzing/go.mod"
    GOWORK=""
    CGO_CFLAGS="-g -O2"
    CGO_CPPFLAGS=""
    CGO_CXXFLAGS="-g -O2"
    CGO_FFLAGS="-g -O2"
    CGO_LDFLAGS="-g -O2"
    PKG_CONFIG="pkg-config"
    GOGCCFLAGS="-fPIC -m64 -pthread -fno-caret-diagnostics -Qunused-arguments -Wl,--no-gc-sections -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build2481516251=/tmp/go-build -gno-record-gcc-switches"

What did you do?

Run https://go.dev/play/p/hLbhCDy4umq?v=gotip

What did you expect to see?

The program finishing and printing Hello

What did you see instead?

    panic: runtime error: slice bounds out of range [:-9223372036854773665]

    goroutine 1 [running]:
    io.(*SectionReader).Read(0xc0000cc000?, {0xc0000cc000?, 0xc0000a6aa8?, 0x40b8a5?})
    	/usr/local/go-faketime/src/io/io.go:511 +0x7f
    io.ReadAtLeast({0x4dff98, 0xc0000ac150}, {0xc0000cc000, 0x2e, 0x2e}, 0x2e)
    	/usr/local/go-faketime/src/io/io.go:332 +0x90
    io.ReadFull(...)
    	/usr/local/go-faketime/src/io/io.go:351
    archive/zip.readDirectoryHeader(0xc0000a6cd0, {0x4dff98, 0xc0000ac150})
    	/usr/local/go-faketime/src/archive/zip/reader.go:358 +0x70
    archive/zip.readDirectoryEnd({0x4dfed8, 0xc0000ac120}, 0x107f)
    	/usr/local/go-faketime/src/archive/zip/reader.go:633 +0x676
    archive/zip.(*Reader).init(0xc0000be000, {0x4dfed8?, 0xc0000ac120}, 0x107f)
    	/usr/local/go-faketime/src/archive/zip/reader.go:119 +0x50
    archive/zip.NewReader({0x4dfed8, 0xc0000ac120}, 0x107f)
    	/usr/local/go-faketime/src/archive/zip/reader.go:112 +0x5e
    main.main()
    	/tmp/sandbox2951848341/prog.go:12 +0x17e

Found by https://github.com/catenacyber/ngolo-fuzzing with oss-fuzz : https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=58289
Regression range is 9894ded:8354f6b5bb5baf03cb64dbf736c276f297ebea96
cc @rolandshoemaker
By the way, this POC does not respect the documentation about zip.NewReader size argument, but
zip.NewReader
Fixed by http://go.dev/cl/488195, thanks!
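
An added example, not part of the original issue or of the Go project's code: a caller-side wrapper that passes zip.NewReader a size taken from the buffer itself and turns a parser panic, like the one in the trace above, into an ordinary error. The names openUntrustedZip and buildSampleZip are hypothetical, and the sample inputs are constructed.

```go
package main

import (
	"archive/zip"
	"bytes"
	"fmt"
)

// openUntrustedZip (hypothetical helper, not a Go API) parses untrusted
// bytes as a ZIP archive and reports parser panics as errors.
func openUntrustedZip(data []byte) (zr *zip.Reader, err error) {
	defer func() {
		// A runtime panic inside archive/zip, like the slice-bounds panic
		// reported in this issue, is converted into an ordinary error.
		if r := recover(); r != nil {
			zr, err = nil, fmt.Errorf("zip parser panicked: %v", r)
		}
	}()
	// NewReader assumes the ReaderAt holds exactly size bytes, so size is
	// taken from the buffer itself, never from a caller-declared length.
	return zip.NewReader(bytes.NewReader(data), int64(len(data)))
}

// buildSampleZip returns a small valid archive (constructed sample input).
func buildSampleZip() ([]byte, error) {
	var buf bytes.Buffer
	zw := zip.NewWriter(&buf)
	w, err := zw.Create("hello.txt")
	if err == nil {
		_, err = w.Write([]byte("Hello"))
	}
	if err == nil {
		err = zw.Close()
	}
	return buf.Bytes(), err
}

func main() {
	good, err := buildSampleZip()
	if err != nil {
		panic(err)
	}
	// Constructed inputs: valid archive, truncated archive, plain garbage.
	for _, in := range [][]byte{good, good[:len(good)-10], []byte("not a zip")} {
		zr, err := openUntrustedZip(in)
		fmt.Printf("parsed=%t err=%v\n", zr != nil, err)
	}
}
```

recover only intercepts ordinary runtime panics; fatal runtime errors such as memory exhaustion still terminate the process.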