Google Git
Sign in
go / go / b878d8db66faf9f8d9b2ff394123cdde21d93f8d^! / .
commitb878d8db66faf9f8d9b2ff394123cdde21d93f8d[log] [tgz]
authorIan Lance Taylor <iant@golang.org>Tue Mar 24 20:09:11 2020 -0700
committerIan Lance Taylor <iant@golang.org>Wed Mar 25 19:16:39 2020 +0000
treebcb5fb7c855109415b5dc41497648d926d7082f5
parentfcb8f8384ac62eb029926bb1f3602825fa61b261 [diff]
bufio: don't panic when Scanner sees an impossible Read count

Fixes #38053

Change-Id: Ib0f9777f37eeaa07eb8ecb6df3e97e9d4b46dcd8
Reviewed-on: https://go-review.googlesource.com/c/go/+/225357
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Rob Pike <r@golang.org>

diff --git a/src/bufio/scan.go b/src/bufio/scan.go
index 4e787c4..976b599 100644
--- a/src/bufio/scan.go
+++ b/src/bufio/scan.go

@@ -211,6 +211,10 @@
 		// be extra careful: Scanner is for safe, simple jobs.
 		for loop := 0; ; {
 			n, err := s.r.Read(s.buf[s.end:len(s.buf)])
+			if n < 0 || n > len(s.buf)-s.end {
+				n = 0
+				err = errors.New("bufio.Scanner: Read returned impossible count")
+			}
 			s.end += n
 			if err != nil {
 				s.setErr(err)

diff --git a/src/bufio/scan_test.go b/src/bufio/scan_test.go
index 2568225..ceb813a 100644
--- a/src/bufio/scan_test.go
+++ b/src/bufio/scan_test.go

@@ -537,3 +537,58 @@
 		t.Fatal("after scan:", s.Err())
 	}
 }
+
+// negativeEOFReader returns an invalid -1 at the end, as though it
+// were wrapping the read system call.
+type negativeEOFReader int
+
+func (r *negativeEOFReader) Read(p []byte) (int, error) {
+	if *r > 0 {
+		c := int(*r)
+		if c > len(p) {
+			c = len(p)
+		}
+		for i := 0; i < c; i++ {
+			p[i] = 'a'
+		}
+		p[c-1] = '\n'
+		*r -= negativeEOFReader(c)
+		return c, nil
+	}
+	return -1, io.EOF
+}
+
+// Test that the scanner doesn't panic on a reader that returns a
+// negative count of bytes read (issue 38053).
+func TestNegativeEOFReader(t *testing.T) {
+	r := negativeEOFReader(10)
+	scanner := NewScanner(&r)
+	c := 0
+	for scanner.Scan() {
+		c++
+		if c > 1 {
+			t.Error("read too many lines")
+			break
+		}
+	}
+	if scanner.Err() == nil {
+		t.Error("scanner.Err returned nil, expected an error")
+	}
+}
+
+// largeReader returns an invalid count that is larger than the number
+// of bytes requested.
+type largeReader struct{}
+
+func (largeReader) Read(p []byte) (int, error) {
+	return len(p) + 1, nil
+}
+
+func TestLargeReader(t *testing.T) {
+	scanner := NewScanner(largeReader{})
+	for scanner.Scan() {
+	}
+	if scanner.Err() == nil {
+		t.Error("scanner.Err returned nil, expected an error")
+	}
+}