go/scanner: reject large line and column numbers in //line directives - go - Fork of Go programming language with my patches.

diff options

author	Damien Neil <dneil@google.com>	2023-03-22 09:33:22 -0700
committer	Gopher Robot <gobot@golang.org>	2023-04-04 17:02:28 +0000
commit	110e4fb1c2e3a21631704bbfaf672230b9ba2492 (patch)
tree	2777d9c126e86b494b4bc21da461296b6135c8ba /src/encoding/binary
parent	1e43cfa15b4b618812e85c00c9e92c2615b324c8 (diff)
download	go-110e4fb1c2e3a21631704bbfaf672230b9ba2492.tar.xz

go/scanner: reject large line and column numbers in //line directives

Setting a large line or column number using a //line directive can cause integer overflow even in small source files. Limit line and column numbers in //line directives to 2^30-1, which is small enough to avoid int32 overflow on all reasonbly-sized files. For #59180 Fixes CVE-2023-24537 Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1802456 Reviewed-by: Julie Qiu <julieqiu@google.com> Reviewed-by: Roland Shoemaker <bracewell@google.com> Run-TryBot: Damien Neil <dneil@google.com> Change-Id: I149bf34deca532af7994203fa1e6aca3c890ea14 Reviewed-on: https://go-review.googlesource.com/c/go/+/482078 Reviewed-by: Matthew Dempsky <mdempsky@google.com> TryBot-Bypass: Michael Knyszek <mknyszek@google.com> Run-TryBot: Michael Knyszek <mknyszek@google.com> Auto-Submit: Michael Knyszek <mknyszek@google.com>

Diffstat (limited to 'src/encoding/binary')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: