Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

compress/bzip2: index out of range on invalid data #8363

Closed
krasin opened this issue Jul 12, 2014 · 3 comments
Closed

compress/bzip2: index out of range on invalid data #8363

krasin opened this issue Jul 12, 2014 · 3 comments
Labels
FrozenDueToAge
Milestone
Go1.4

Comments

@krasin
Copy link

krasin commented Jul 12, 2014 

A short, malformed input to bzip2 decompressor may crash the process.

Reproducer: http://play.golang.org/p/l_7Aaj6UAI

go1.3
panic: runtime error: index out of range [recovered]
    panic: runtime error: index out of range

goroutine 16 [running]:
runtime.panic(0x128a60, 0x1bce9c)
    /tmp/sandbox/go/src/pkg/runtime/panic.c:279 +0x120
io/ioutil.func·002()
    /tmp/sandbox/go/src/pkg/io/ioutil/ioutil.go:30 +0x140
runtime.panic(0x128a60, 0x1bce9c)
    /tmp/sandbox/go/src/pkg/runtime/panic.c:248 +0x1e0
compress/bzip2.(*reader).readBlock(0x10410d80, 0x30, 0x0, 0x0)
    /tmp/sandbox/go/src/pkg/compress/bzip2/bzip2.go:353 +0x10c0
compress/bzip2.(*reader).read(0x10410d80, 0x10452000, 0x200, 0x200, 0x104280b8, 0x0,
0x0, 0x10452000)
    /tmp/sandbox/go/src/pkg/compress/bzip2/bzip2.go:184 +0x720
compress/bzip2.(*reader).Read(0x10410d80, 0x10452000, 0x200, 0x200, 0x129a00, 0x0, 0x0,
0x1)
    /tmp/sandbox/go/src/pkg/compress/bzip2/bzip2.go:101 +0x140
bytes.(*Buffer).ReadFrom(0x10426240, 0xfefd0280, 0x10410d80, 0x0, 0x0, 0x0, 0x0, 0x0)
    /tmp/sandbox/go/src/pkg/bytes/buffer.go:169 +0x260
io/ioutil.readAll(0xfefd0280, 0x10410d80, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
    /tmp/sandbox/go/src/pkg/io/ioutil/ioutil.go:33 +0x200
io/ioutil.ReadAll(0xfefd0280, 0x10410d80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1040e130)
    /tmp/sandbox/go/src/pkg/io/ioutil/ioutil.go:42 +0x80
main.main()
    /tmpfs/gosandbox-6c2ae51f_78c3bfb7_2829f08e_ee1280e1_97e122b2/prog.go:19 +0x240
@bradfitz
Copy link
Contributor

Comment 1:

Owner changed to @agl.

Status changed to Accepted.

@bradfitz
Copy link
Contributor

Comment 2:

Labels changed: added release-go1.4, repo-main.

@minux
Copy link
Member

minux commented Jul 16, 2014

Comment 3:

Fixed by revision 395bf97d72a1

Status changed to Fixed.

@rsc rsc added this to the Go1.4 milestone Apr 14, 2015
@rsc rsc removed the release-go1.4 label Apr 14, 2015
@golang golang locked and limited conversation to collaborators Jun 25, 2016
This issue was closed.
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge
Projects
None yet
Milestone
Go1.4
Development

No branches or pull requests
5 participants
@bradfitz @krasin @rsc @minux @gopherbot