diff options
| author | Alan Donovan <adonovan@google.com> | 2024-04-23 12:44:54 -0400 |
|---|---|---|
| committer | Gopher Robot <gobot@golang.org> | 2024-05-08 19:10:41 +0000 |
| commit | 69e75c8581e15328454bb6e2f1dc347f73616b37 (patch) | |
| tree | f0fabe495e978fb211ef909e4c4b8d8a4085d559 /src/testing/testing_test.go | |
| parent | 4513f1a1c1037574bfd94b8637329246f475a534 (diff) | |
| download | go-69e75c8581e15328454bb6e2f1dc347f73616b37.tar.xz | |
runtime: properly frame panic values in tracebacks
This CL causes the printing of panic values to ensure that all
newlines in the output are immediately followed by a tab, so
that there is no way for a maliciously crafted panic value to
fool a program attempting to parse the traceback into thinking
that the panic value is in fact a goroutine stack.
See https://github.com/golang/go/issues/64590#issuecomment-1932675696
+ release note
Updates #64590
Updates #63455
Change-Id: I5142acb777383c0c122779d984e73879567dc627
Reviewed-on: https://go-review.googlesource.com/c/go/+/581215
Auto-Submit: Alan Donovan <adonovan@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Michael Pratt <mpratt@google.com>
Diffstat (limited to 'src/testing/testing_test.go')
| -rw-r--r-- | src/testing/testing_test.go | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/testing/testing_test.go b/src/testing/testing_test.go index d3822dfd57..4a9303952e 100644 --- a/src/testing/testing_test.go +++ b/src/testing/testing_test.go @@ -762,7 +762,8 @@ func parseRunningTests(out []byte) (runningTests []string, ok bool) { inRunningTests := false for _, line := range strings.Split(string(out), "\n") { if inRunningTests { - if trimmed, ok := strings.CutPrefix(line, "\t"); ok { + // Package testing adds one tab, the panic printer adds another. + if trimmed, ok := strings.CutPrefix(line, "\t\t"); ok { if name, _, ok := strings.Cut(trimmed, " "); ok { runningTests = append(runningTests, name) continue |