```
panic: runtime error: makeslice: cap out of range

goroutine 1 [running]:
archive/zip.(*Reader).init(0xc2080104c0, 0x7fbacc72d1e8, 0xc208014450, 0x39, 0x0, 0x0)
	src/archive/zip/reader.go:81 +0xf7
archive/zip.NewReader(0x7fbacc72d1e8, 0xc208014450, 0x39, 0x7fbacc72d1e8, 0x0, 0x0)
	src/archive/zip/reader.go:69 +0x67
main.main()
	zip.go:14 +0x131
```
This vulnerability makes it dangerous to open any untrusted zip files. I think that the code must check that the provided data size is large enough to contain the claimed number of files. For example, if the header claims to contain 1e9 files, then data size should be at least dozens of gigs (which should be caught by e.g. HTTP content cap).
The following program crashes with a panic:
on commit 8017ace
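One way to implement the size check proposed in the report, as an added example (not code from the issue or from `archive/zip`): it reads the classic end-of-central-directory record and rejects an archive whose claimed entry count cannot fit in its central directory. `checkEntryCount` and `constructedEOCD` are hypothetical names, and Zip64 archives are assumed out of scope and rejected.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"fmt"
)

const (
	eocdSig      = "PK\x05\x06" // end-of-central-directory signature
	eocdLen      = 22           // fixed part of the end record
	dirHeaderLen = 46           // fixed part of one central directory header
)

// checkEntryCount (hypothetical helper) returns the claimed entry count only
// if the data is large enough to hold that many central directory headers.
func checkEntryCount(data []byte) (int, error) {
	i := bytes.LastIndex(data, []byte(eocdSig))
	if i < 0 || len(data)-i < eocdLen {
		return 0, fmt.Errorf("zip: no end-of-central-directory record")
	}
	e := data[i:]
	n := uint64(binary.LittleEndian.Uint16(e[10:]))       // total entries
	dirSize := uint64(binary.LittleEndian.Uint32(e[12:])) // directory size
	dirOff := uint64(binary.LittleEndian.Uint32(e[16:]))  // directory offset
	// Assumption: classic archives only; Zip64 sentinel values are refused.
	if n == 0xFFFF || dirSize == 0xFFFFFFFF || dirOff == 0xFFFFFFFF {
		return 0, fmt.Errorf("zip: Zip64 archive, not handled by this check")
	}
	if dirOff+dirSize > uint64(i) {
		return 0, fmt.Errorf("zip: central directory does not fit before the end record")
	}
	if n*dirHeaderLen > dirSize {
		return 0, fmt.Errorf("zip: %d entries claimed, directory holds at most %d", n, dirSize/dirHeaderLen)
	}
	return int(n), nil
}

// constructedEOCD builds a bare end record (constructed sample input).
func constructedEOCD(entries uint16, dirSize, dirOff uint32) []byte {
	b := make([]byte, eocdLen)
	copy(b, eocdSig)
	binary.LittleEndian.PutUint16(b[10:], entries)
	binary.LittleEndian.PutUint32(b[12:], dirSize)
	binary.LittleEndian.PutUint32(b[16:], dirOff)
	return b
}

func main() {
	fmt.Println(checkEntryCount(constructedEOCD(60000, 0, 0)))
}
```

Running the check before any allocation sized from the header means a few dozen bytes of input cannot request room for tens of thousands of entries.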