math/big: index out of range in Float.GobDecode [1.18 backport] #54095

Closed
gopherbot opened this issue Jul 27, 2022 · 2 comments
Labels
CherryPickApproved (used during the release process for point releases), FrozenDueToAge, Security

@gopherbot
Contributor

@rolandshoemaker requested issue #53871 to be considered for backport to the next 1.18 minor release.

@gopherbot please open backports, this is a security issue.

gopherbot added the CherryPickCandidate label (used during the release process for point releases) on Jul 27, 2022
gopherbot added this to the Go1.18.5 milestone on Jul 27, 2022
@gopherbot
Contributor Author

Change https://go.dev/cl/419815 mentions this issue: [release-branch.go1.18] math/big: check buffer lengths in GobDecode

cherrymui added the CherryPickApproved label (used during the release process for point releases) on Jul 29, 2022
gopherbot removed the CherryPickCandidate label (used during the release process for point releases) on Jul 29, 2022
@gopherbot
Contributor Author

Closed by merging 9240558 to release-branch.go1.18.

gopherbot pushed a commit that referenced this issue Jul 29, 2022
In Float.GobDecode and Rat.GobDecode, check buffer sizes before
indexing slices.

Updates #53871
Fixes #54095

Change-Id: I1b652c32c2bc7a0e8aa7620f7be9b2740c568b0a
Reviewed-on: https://go-review.googlesource.com/c/go/+/417774
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Tatiana Bradley <tatiana@golang.org>
Run-TryBot: Roland Shoemaker <roland@golang.org>
(cherry picked from commit 055113e)
Reviewed-on: https://go-review.googlesource.com/c/go/+/419815
Reviewed-by: Julie Qiu <julieqiu@google.com>
golang locked and limited conversation to collaborators on Jul 29, 2023
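
An added regression check, not part of this issue or of the Go change it tracks: it truncates a valid gob encoding of a `big.Float` and a `big.Rat` to every shorter length and counts panics versus returned errors, which is the behaviour the buffer-length checks in the commit above govern. The helper names `safeDecode` and `truncationSweep` and the sample values 1.5 and 355/113 are assumptions made for this example.

```go
package main

import (
	"fmt"
	"math/big"
)

// gobDecoder is satisfied by both *big.Float and *big.Rat.
type gobDecoder interface{ GobDecode([]byte) error }

// safeDecode (hypothetical helper) reports a GobDecode panic instead of crashing.
func safeDecode(d gobDecoder, buf []byte) (panicked bool, err error) {
	defer func() {
		if r := recover(); r != nil {
			panicked, err = true, fmt.Errorf("GobDecode panicked: %v", r)
		}
	}()
	return false, d.GobDecode(buf)
}

// truncationSweep feeds every non-empty proper prefix of a valid encoding to a
// fresh decoder; valid[:n:n] caps capacity so reslicing cannot reach past n.
func truncationSweep(valid []byte, fresh func() gobDecoder) (panics, errs int) {
	for n := 1; n < len(valid); n++ {
		panicked, err := safeDecode(fresh(), valid[:n:n])
		if panicked {
			panics++
		} else if err != nil {
			errs++
		}
	}
	return panics, errs
}

// floatSweep and ratSweep use constructed sample values (1.5 and 355/113).
func floatSweep() (panics, errs int) {
	enc, _ := big.NewFloat(1.5).GobEncode()
	return truncationSweep(enc, func() gobDecoder { return new(big.Float) })
}

func ratSweep() (panics, errs int) {
	enc, _ := big.NewRat(355, 113).GobEncode()
	return truncationSweep(enc, func() gobDecoder { return new(big.Rat) })
}

func main() {
	fmt.Println(floatSweep())
	fmt.Println(ratSweep())
}
```

On a toolchain that includes the fix, both sweeps report zero panics. A truncated input that ends on a field boundary can still decode without error, so the length checks prevent the crash but do not verify integrity.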