[release-branch.go1.23] go/parser: track depth in nested element lists - go - Fork of Go programming language with my patches.

diff options

author	Roland Shoemaker <bracewell@google.com>	2024-06-10 15:34:12 -0700
committer	Gopher Robot <gobot@golang.org>	2024-09-05 14:55:11 +0000
commit	53487e5477151ed75da50e50a0ba8f1ca64c00a3 (patch)
tree	543e30bb801253a7a35e821ad35304e6ba005d8b /src/encoding/gob/decode.go
parent	3d1f1f27cf2f524dc17697f8058162ada850d61e (diff)
download	go-53487e5477151ed75da50e50a0ba8f1ca64c00a3.tar.xz

[release-branch.go1.23] go/parser: track depth in nested element lists

Prevents stack exhaustion with extremely deeply nested literal values, i.e. field values in structs. Updates #69138 Fixes #69143 Fixes CVE-2024-34155 Change-Id: I2e8e33b44105cc169d7ed1ae83fb56df0c10f1ee Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/1520 Reviewed-by: Robert Griesemer <gri@google.com> Reviewed-by: Damien Neil <dneil@google.com> Reviewed-by: Russ Cox <rsc@google.com> (cherry picked from commit eb1b038c0d01761694e7a735ef87ac9164c6568e) Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/1560 Commit-Queue: Roland Shoemaker <bracewell@google.com> Reviewed-by: Tatiana Bradley <tatianabradley@google.com> Reviewed-on: https://go-review.googlesource.com/c/go/+/611175 Auto-Submit: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> TryBot-Bypass: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: Michael Pratt <mpratt@google.com>

Diffstat (limited to 'src/encoding/gob/decode.go')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: