syscall: Potential infinite loop in syscall/str.go #8332
Labels
Milestone
Comments
This should be fixed, but I checked all the calls and I don't see a plausible vulnerability. You could write a program that converted the most negative integer to syscall.Errno or syscall.Signal and then printed it. That would cause the stack overflow, but it seems unlikely that a program would take a user input number and convert to Errno or Signal. Labels changed: added repo-main, release-go1.4. |
CL https://golang.org/cl/138650044 mentions this issue. |
|
This issue was closed by revision ab76638. Status changed to Fixed. |
wheatman
pushed a commit
to wheatman/go-akaros
that referenced
this issue
Jun 25, 2018
Fixes golang#8332. LGTM=dvyukov R=golang-codereviews, dvyukov CC=golang-codereviews https://golang.org/cl/138650044
wheatman
pushed a commit
to wheatman/go-akaros
that referenced
this issue
Jul 9, 2018
Fixes golang#8332. LGTM=dvyukov R=golang-codereviews, dvyukov CC=golang-codereviews https://golang.org/cl/138650044
wheatman
pushed a commit
to wheatman/go-akaros
that referenced
this issue
Jul 30, 2018
Fixes golang#8332. LGTM=dvyukov R=golang-codereviews, dvyukov CC=golang-codereviews https://golang.org/cl/138650044
This issue was closed.
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
by fuzxxl:
The file syscall/str.go defines a function itoa() like this: 7 func itoa(val int) string { // do it here rather than with fmt to avoid dependency 8 if val < 0 { 9 return "-" + itoa(-val) 10 } 11 var buf [32]byte // big enough for int64 12 i := len(buf) - 1 13 for val >= 10 { 14 buf[i] = byte(val%10 + '0') 15 i-- 16 val /= 10 17 } 18 buf[i] = byte(val + '0') 19 return string(buf[i:]) 20 } If the smallest possible integer is passed to this function, it runs into an infinite loop / infinite recursion since the negative of the smallest integer is again a negative value. This might be a potential security vulnerability.The text was updated successfully, but these errors were encountered: