diff options
author | Katie Hockman <katie@golang.org> | 2022-01-19 16:54:41 -0500 |
---|---|---|
committer | Katie Hockman <katie@golang.org> | 2022-01-28 15:39:12 +0000 |
commit | 539d430efb5043cc6a2d4d4fcd2866b11717039a (patch) | |
tree | 385bc8b5e6b1a73c86562c84736958c88dff9020 | |
parent | 3a34273b8a93bb2eb413fe63d8ff2d346a434dbd (diff) | |
download | go-git-539d430efb5043cc6a2d4d4fcd2866b11717039a.tar.gz |
[release-branch.go1.17] math/big: prevent overflow in (*Rat).SetString
Credit to rsc@ for the original patch.
Thanks to the OSS-Fuzz project for discovering this
issue and to Emmanuel Odeke (@odeke_et) for reporting it.
Updates #50699
Fixes #50701
Fixes CVE-2022-23772
Change-Id: I590395a3d55689625390cf1e58f5f40623b26ee5
Reviewed-on: https://go-review.googlesource.com/c/go/+/379537
Trust: Katie Hockman <katie@golang.org>
Run-TryBot: Katie Hockman <katie@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Emmanuel Odeke <emmanuel@orijtech.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Julie Qiu <julie@golang.org>
(cherry picked from commit ad345c265916bbf6c646865e4642eafce6d39e78)
Reviewed-on: https://go-review.googlesource.com/c/go/+/381336
Reviewed-by: Filippo Valsorda <filippo@golang.org>
-rw-r--r-- | src/math/big/ratconv.go | 5 | ||||
-rw-r--r-- | src/math/big/ratconv_test.go | 1 |
2 files changed, 6 insertions, 0 deletions
diff --git a/src/math/big/ratconv.go b/src/math/big/ratconv.go index ac3c8bd11f..90053a9c81 100644 --- a/src/math/big/ratconv.go +++ b/src/math/big/ratconv.go @@ -169,6 +169,11 @@ func (z *Rat) SetString(s string) (*Rat, bool) { n := exp5 if n < 0 { n = -n + if n < 0 { + // This can occur if -n overflows. -(-1 << 63) would become + // -1 << 63, which is still negative. + return nil, false + } } if n > 1e6 { return nil, false // avoid excessively large exponents diff --git a/src/math/big/ratconv_test.go b/src/math/big/ratconv_test.go index 15d206cb38..e55e655718 100644 --- a/src/math/big/ratconv_test.go +++ b/src/math/big/ratconv_test.go @@ -104,6 +104,7 @@ var setStringTests = []StringTest{ {in: "4/3/"}, {in: "4/3."}, {in: "4/"}, + {in: "13e-9223372036854775808"}, // CVE-2022-23772 // valid {"0", "0", true}, |