aboutsummaryrefslogtreecommitdiff
path: root/src/encoding/gob/decoder.go
diff options
context:
space:
mode:
authorIan Lance Taylor <iant@golang.org>2022-06-24 17:00:24 -0700
committerGopher Robot <gobot@golang.org>2022-08-19 16:03:42 +0000
commitdee9adc0f73d361d00a4d9230bb3517f2448b3b0 (patch)
treec569f816e05477b18d7b8b31eb5196da8d43e395 /src/encoding/gob/decoder.go
parentf324355d1f482362b87ec4f95ceac00d4b4de797 (diff)
downloadgo-dee9adc0f73d361d00a4d9230bb3517f2448b3b0.tar.xz
encoding/gob: use saferio to read large buffer
Avoid allocating large amounts of memory for corrupt input. No test case because the problem can only happen for invalid data. Let the fuzzer find cases like this. Fixes #53369 Change-Id: I67c5e75bf181ad84988d6d6da12507df0e6df8e8 Reviewed-on: https://go-review.googlesource.com/c/go/+/413979 Reviewed-by: Joseph Tsai <joetsai@digital-static.net> Run-TryBot: Ian Lance Taylor <iant@google.com> Auto-Submit: Ian Lance Taylor <iant@google.com> Reviewed-by: Ian Lance Taylor <iant@google.com> Reviewed-by: Joedian Reid <joedian@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org>
Diffstat (limited to 'src/encoding/gob/decoder.go')
-rw-r--r--src/encoding/gob/decoder.go6
1 files changed, 4 insertions, 2 deletions
diff --git a/src/encoding/gob/decoder.go b/src/encoding/gob/decoder.go
index 9c4257eb3b..5b77adc7e8 100644
--- a/src/encoding/gob/decoder.go
+++ b/src/encoding/gob/decoder.go
@@ -7,6 +7,7 @@ package gob
import (
"bufio"
"errors"
+ "internal/saferio"
"io"
"reflect"
"sync"
@@ -98,8 +99,9 @@ func (dec *Decoder) readMessage(nbytes int) {
panic("non-empty decoder buffer")
}
// Read the data
- dec.buf.Size(nbytes)
- _, dec.err = io.ReadFull(dec.r, dec.buf.Bytes())
+ var buf []byte
+ buf, dec.err = saferio.ReadData(dec.r, uint64(nbytes))
+ dec.buf.SetBytes(buf)
if dec.err == io.EOF {
dec.err = io.ErrUnexpectedEOF
}
generated by cgit v1.3 (git 2.53.0) at 2026-04-15 23:04:28 +0000