From 69e75c8581e15328454bb6e2f1dc347f73616b37 Mon Sep 17 00:00:00 2001 From: Alan Donovan Date: Tue, 23 Apr 2024 12:44:54 -0400 Subject: runtime: properly frame panic values in tracebacks This CL causes the printing of panic values to ensure that all newlines in the output are immediately followed by a tab, so that there is no way for a maliciously crafted panic value to fool a program attempting to parse the traceback into thinking that the panic value is in fact a goroutine stack. See https://github.com/golang/go/issues/64590#issuecomment-1932675696 + release note Updates #64590 Updates #63455 Change-Id: I5142acb777383c0c122779d984e73879567dc627 Reviewed-on: https://go-review.googlesource.com/c/go/+/581215 Auto-Submit: Alan Donovan LUCI-TryBot-Result: Go LUCI Reviewed-by: Michael Pratt --- src/runtime/panic_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/runtime/panic_test.go') diff --git a/src/runtime/panic_test.go b/src/runtime/panic_test.go index b8a300f6b1..994abfdd45 100644 --- a/src/runtime/panic_test.go +++ b/src/runtime/panic_test.go @@ -27,7 +27,7 @@ func TestPanicWithDirectlyPrintableCustomTypes(t *testing.T) { {"panicCustomInt16", `panic: main.MyInt16(93)`}, {"panicCustomInt32", `panic: main.MyInt32(93)`}, {"panicCustomInt64", `panic: main.MyInt64(93)`}, - {"panicCustomString", `panic: main.MyString("Panic")`}, + {"panicCustomString", `panic: main.MyString("Panic` + "\n\t" + `line two")`}, {"panicCustomUint", `panic: main.MyUint(93)`}, {"panicCustomUint8", `panic: main.MyUint8(93)`}, {"panicCustomUint16", `panic: main.MyUint16(93)`}, -- cgit v1.3