Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

internal/zstd: avoid panic when windowSize is negative #63979

Closed
aimuz opened this issue Nov 7, 2023 · 1 comment
Closed

internal/zstd: avoid panic when windowSize is negative #63979

aimuz opened this issue Nov 7, 2023 · 1 comment
Labels
FrozenDueToAge NeedsFix The path to resolution is known, but the work has not been done.
Milestone
Go1.22

Comments

@aimuz
Copy link
Contributor

aimuz commented Nov 7, 2023

What version of Go are you using (go version)?

$ go version
devel

Does this issue reproduce with the latest release?

yes

What did you do?

Window_Size should have the same value range as Frame_Content_Size, when Frame_Content_Size exceeds the maximum value of int64, it will cause Window_Size to become negative.
According to RFC 8878, Frame_Content_Size can be any value from 1 to 2^64-1 bytes (16 EB).

Testing with the following values will trigger this issue, resulting in a panic

go test fuzz v1
[]byte("(\xb5/\xfd\xe40000000\xfa20\x000")

What did you expect to see?

What did you see instead?
aimuz added a commit to aimuz/go that referenced this issue Nov 7, 2023
@aimuz
internal/zstd: avoid panic when windowSize is negative
2f398d4 
Consistency of Window_Size and Frame_Content_Size value ranges as
per RFC 8878 3.1.1.1.2 to resolve panic issues.

Fixes golang#63979
@aimuz aimuz mentioned this issue Nov 7, 2023
Closed
@gopherbot
Copy link
Contributor

Change https://go.dev/cl/540415 mentions this issue: internal/zstd: avoid panic when windowSize is negative

@heschi heschi added the NeedsFix The path to resolution is known, but the work has not been done. label Nov 7, 2023
@heschi heschi added this to the Go1.22 milestone Nov 7, 2023
aimuz added a commit to aimuz/go that referenced this issue Nov 9, 2023
@aimuz
internal/zstd: avoid panic when windowSize is negative
911a85a 
Consistency of Window_Size and Frame_Content_Size value ranges as
per RFC 8878 3.1.1.1.2 to resolve panic issues.

Fixes golang#63979
aimuz added a commit to aimuz/go that referenced this issue Nov 9, 2023
@aimuz
internal/zstd: avoid panic when windowSize is negative
9c63469 
Consistency of Window_Size and Frame_Content_Size value ranges as
per RFC 8878 3.1.1.1.2 to resolve panic issues.

Fixes golang#63979
aimuz added a commit to aimuz/go that referenced this issue Nov 11, 2023
@aimuz
internal/zstd: avoid panic when windowSize is negative
80f9a05 
Consistency of Window_Size and Frame_Content_Size value ranges as
per RFC 8878 3.1.1.1.2 to resolve panic issues.

Fixes golang#63979
aimuz added a commit to aimuz/go that referenced this issue Nov 12, 2023
@aimuz
internal/zstd: avoid panic when windowSize is negative
12da7d3 
Consistency of Window_Size and Frame_Content_Size value ranges as
per RFC 8878 3.1.1.1.2 to resolve panic issues.

Fixes golang#63979
aimuz added a commit to aimuz/go that referenced this issue Nov 18, 2023
@aimuz
internal/zstd: avoid panic when windowSize is negative
ab0be65 
Consistency of Window_Size and Frame_Content_Size value ranges as
per RFC 8878 3.1.1.1.2 to resolve panic issues.

Fixes golang#63979
ezz-no pushed a commit to ezz-no/go-ezzno that referenced this issue Feb 18, 2024
@aimuz @ezz-no
internal/zstd: avoid panic when windowSize is negative
cb9506a 
This change fixes an edge case in the zstd decompressor where
an int conversion could result in a negative window size.

Fixes golang#63979
For golang#62513

Change-Id: Ie714bf8fb51fa509b310deb8bd2c96bd87b52852
GitHub-Last-Rev: ab0be65
GitHub-Pull-Request: golang#63980
Reviewed-on: https://go-review.googlesource.com/c/go/+/540415
Reviewed-by: Cherry Mui <cherryyz@google.com>
Run-TryBot: M Zhuo <mengzhuo1203@gmail.com>
Reviewed-by: Bryan Mills <bcmills@google.com>
Reviewed-by: M Zhuo <mengzhuo1203@gmail.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
@golang golang locked and limited conversation to collaborators Jan 29, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge NeedsFix The path to resolution is known, but the work has not been done.
Projects
None yet
Milestone
Go1.22
Development

Successfully merging a pull request may close this issue.

internal/zstd: avoid panic when windowSize is negative aimuz/go
3 participants
@gopherbot @aimuz @heschi