From b49e5f951226d88cbd65a603d100b3707b68f4a6 Mon Sep 17 00:00:00 2001 From: Patrick Mezard Date: Sun, 16 Aug 2015 17:47:46 +0200 Subject: [PATCH] decode: reject strings with negative length Found running go-fuzz. --- AUTHORS | 1 + decode.go | 3 +++ decode_test.go | 1 + 3 files changed, 5 insertions(+) diff --git a/AUTHORS b/AUTHORS index 35cd8c5..a00a671 100644 --- a/AUTHORS +++ b/AUTHORS @@ -4,3 +4,4 @@ Casey Bodley Conrad Pankoff Cenk Alti Jan Winkelmann +Patrick Mézard diff --git a/decode.go b/decode.go index 43da069..812a590 100644 --- a/decode.go +++ b/decode.go @@ -238,6 +238,9 @@ func (d *Decoder) decodeString(v reflect.Value) error { if err != nil { return err } + if l < 0 { + return fmt.Errorf("invalid negative string length: %d", l) + } //read exactly l bytes out and make our string buf := make([]byte, l) diff --git a/decode_test.go b/decode_test.go index 756f032..09b2546 100644 --- a/decode_test.go +++ b/decode_test.go @@ -79,6 +79,7 @@ func TestDecode(t *testing.T) { {`di5ei2ee`, new(interface{}), nil, true}, {`d3:fooe`, new(interface{}), nil, true}, {`l3:foo3:bar`, new(interface{}), nil, true}, + {`d-1:`, new(interface{}), nil, true}, } for i, tt := range decodeCases {