diff options
| author | Damien Neil <dneil@google.com> | 2023-03-16 14:18:04 -0700 |
|---|---|---|
| committer | Gopher Robot <gobot@golang.org> | 2023-04-04 17:01:56 +0000 |
| commit | 3549c613b9d354d9f5410afc54dc9f7e6393c8cf (patch) | |
| tree | 3ac48d17e3816b5eeaf97c2f7bb49721c013fe04 /src/encoding/binary | |
| parent | 66ae75ff86950ae55ca1add47fa95b5576717be0 (diff) | |
| download | go-3549c613b9d354d9f5410afc54dc9f7e6393c8cf.tar.xz | |
mime/multipart: avoid excessive copy buffer allocations in ReadForm
When copying form data to disk with io.Copy,
allocate only one copy buffer and reuse it rather than
creating two buffers per file (one from io.multiReader.WriteTo,
and a second one from os.File.ReadFrom).
Thanks to Jakob Ackermann (@das7pad) for reporting this issue.
For CVE-2023-24536
For #59153
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1802453
Run-TryBot: Damien Neil <dneil@google.com>
Reviewed-by: Julie Qiu <julieqiu@google.com>
Reviewed-by: Roland Shoemaker <bracewell@google.com>
Change-Id: I732bd2e1e7467918cac8ab9d65d089272ba4656f
Reviewed-on: https://go-review.googlesource.com/c/go/+/482075
Auto-Submit: Michael Knyszek <mknyszek@google.com>
Reviewed-by: Matthew Dempsky <mdempsky@google.com>
TryBot-Bypass: Michael Knyszek <mknyszek@google.com>
Run-TryBot: Michael Knyszek <mknyszek@google.com>
Diffstat (limited to 'src/encoding/binary')
0 files changed, 0 insertions, 0 deletions