text: address out-of-bounds panic in parseGNUStepValue #79

Merged
merged 1 commit into from
Oct 24, 2023


TomSellers
Contributor

This PR addresses an index out of range panic in parseGNUStepValue. This panic was identified as part of internal fuzzer-based testing of our code.

Reproducer

package main

import (
	"bytes"

	"howett.net/plist"
)

func main() {
	data := []byte(`(plist versionGetValue<*B"">`)

	dec := plist.NewDecoder(bytes.NewReader(data))
	res := make(map[string]interface{})

	_ = dec.Decode(res)
}

Results

go run ./main.go

panic: runtime error: index out of range [0] with length 0 [recovered]
	panic: runtime error: index out of range [0] with length 0 [recovered]
	panic: runtime error: index out of range [0] with length 0

goroutine 1 [running]:
howett.net/plist.(*Decoder).Decode.func1()
	/Users/me/git/go-plist/decode.go:30 +0xac
panic({0x1023deaa0?, 0x14000116018?})
	/usr/local/go/src/runtime/panic.go:914 +0x218
howett.net/plist.(*textPlistParser).parseDocument.func1()
	/Users/me/git/go-plist/text_parser.go:74 +0xe0
panic({0x1023deaa0?, 0x14000116018?})
	/usr/local/go/src/runtime/panic.go:914 +0x218
howett.net/plist.(*textPlistParser).parseGNUStepValue(0x1400010aea0)
	/Users/me/git/go-plist/text_parser.go:460 +0x4e0
howett.net/plist.(*textPlistParser).parsePlistValue(0x1400010aea0)
	/Users/me/git/go-plist/text_parser.go:554 +0x17c
howett.net/plist.(*textPlistParser).parseArray(0x1400010aea0)
	/Users/me/git/go-plist/text_parser.go:399 +0xd4
howett.net/plist.(*textPlistParser).parsePlistValue(0x1400010aea0)
	/Users/me/git/go-plist/text_parser.go:567 +0x190
howett.net/plist.(*textPlistParser).parseDocument(0x1400010aea0)
	/Users/me/git/go-plist/text_parser.go:91 +0xa4
howett.net/plist.(*Decoder).Decode(0x14000140000, {0x1023d21e0, 0x140001101b0})
	/Users/me/git/go-plist/decode.go:58 +0x210
main.main()
	/Users/me/git/go-plist/cmd/crasher/main.go:15 +0xfc
exit status 2

I built a quick Fuzzer for Decode with a good test corpus in order to identify related bugs but nothing shook out in roughly an hour.
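
The bug class in this report, as an added example that is not part of the PR or go-plist's code: a simplified, hypothetical typed-boolean parser showing the unchecked index that panics on an empty payload such as `<*B"">` beside the guarded form. The names `payload`, `parseUnchecked`, `parseChecked` and `panics` are illustrative assumptions, and the input is constructed from the reproducer above.

```go
package main

import (
	"errors"
	"fmt"
)

// Simplified, hypothetical model of a typed boolean like <*BY> or <*B"N">; not go-plist's parser.
var errSyntax, errEmpty = errors.New("malformed typed value"), errors.New("empty typed value")

// payload strips the <*B ... > wrapper and one optional pair of double quotes.
func payload(s string) (string, error) {
	if len(s) < 4 || s[:3] != "<*B" || s[len(s)-1] != '>' {
		return "", errSyntax
	}
	v := s[3 : len(s)-1]
	if len(v) >= 2 && v[0] == '"' && v[len(v)-1] == '"' {
		v = v[1 : len(v)-1]
	}
	return v, nil
}

// parseUnchecked indexes v[0] with no length check, so an empty payload panics.
func parseUnchecked(s string) (bool, error) {
	v, err := payload(s)
	if err != nil {
		return false, err
	}
	return v[0] == 'Y', nil
}

// parseChecked rejects an empty payload with an error before anything indexes it.
func parseChecked(s string) (bool, error) {
	if v, err := payload(s); err == nil && len(v) == 0 {
		return false, errEmpty
	}
	return parseUnchecked(s)
}

// panics reports whether f panics, which is the per-input check a fuzz harness performs.
func panics(f func()) (p bool) {
	defer func() { p = recover() != nil }()
	f()
	return false
}

func main() {
	fmt.Println(panics(func() { parseUnchecked(`<*B"">`) }), panics(func() { parseChecked(`<*B"">`) }))
}
```

Keeping the crashing input as a permanent regression case (or fuzz seed) ensures the guard is not lost in a later refactor.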

@DHowett
Owner

DHowett commented Oct 24, 2023

Thanks for the fix, and for fuzzing go-plist! I'm only a little surprised gofuzz didn't catch it, but all the more grateful that somebody did. 😄

@DHowett DHowett changed the title "Address panic in parseGNUStepValue" to "text: address out-of-bounds panic in parseGNUStepValue" Oct 24, 2023
@DHowett DHowett merged commit 5afcd13 into DHowett:main Oct 24, 2023
1 check passed
@TomSellers TomSellers deleted the bug/panic_parseGNUStepValue branch October 30, 2023 13:18
@TomSellers
Contributor Author

Thanks for landing @DHowett
Would it be possible to tag a new release that contains the fixes in this PR and #78?

@DHowett
Owner

DHowett commented Dec 1, 2023

I'm so sorry I missed this. Yes, here's v1.0.1.
