encoding/pem: don't reslice in failure modes

We re-slice the data being processed at the stat of each loop. If the var that we use to calculate where to re-slice is < 0 or > the length of the remaining data, return instead of attempting to re-slice. Change-Id: I1d6c2b6c596feedeea8feeaace370ea73ba02c4c Reviewed-on: https://go-review.googlesource.com/c/go/+/715260 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Roland Shoemaker <roland@golang.org> Reviewed-by: Damien Neil <dneil@google.com>
author: Roland Shoemaker <roland@golang.org> 2025-10-27 08:15:48 -0700
committer: Gopher Robot <gobot@golang.org> 2025-11-04 09:21:51 -0800
commit: 9f6590f333ee3ecd318e95ef54073fe76d1225de (patch)
tree: 014e102c0a7746d87b648bca41becdc1848f9744 /src/encoding
parent: 34fec512ce34fb5926aa38e0ccd0083feed94733 (diff)
download: go-9f6590f333ee3ecd318e95ef54073fe76d1225de.tar.xz
1 files changed, 3 insertions, 0 deletions
diff --git a/src/encoding/pem/pem.go b/src/encoding/pem/pem.go
index 1da60d3227..6bf2b41ad0 100644
--- a/src/encoding/pem/pem.go
+++ b/src/encoding/pem/pem.go
@@ -95,6 +95,9 @@ func Decode(data []byte) (p *Block, rest []byte) {
 	for {
 		// If we've already tried parsing a block, skip past the END we already
 		// saw.
+		if endTrailerIndex < 0 || endTrailerIndex > len(rest) {
+			return nil, data
+		}
 		rest = rest[endTrailerIndex:]
 
 		// Find the first END line, and then find the last BEGIN line before
author	Roland Shoemaker <roland@golang.org>	2025-10-27 08:15:48 -0700
committer	Gopher Robot <gobot@golang.org>	2025-11-04 09:21:51 -0800
commit	9f6590f333ee3ecd318e95ef54073fe76d1225de (patch)
tree	014e102c0a7746d87b648bca41becdc1848f9744 /src/encoding
parent	34fec512ce34fb5926aa38e0ccd0083feed94733 (diff)
download	go-9f6590f333ee3ecd318e95ef54073fe76d1225de.tar.xz