Fix panic in EscapeReader (#18820)

There is a potential panic due to a mistaken resetting of the length parameter when multibyte characters go over a read boundary. Signed-off-by: Andrew Thornton <art27@cantab.net>
author: zeripath <art27@cantab.net> 2022-02-19 15:25:31 +0000
committer: GitHub <noreply@github.com> 2022-02-19 15:25:31 +0000
commit: 4b3ebda0e78983682003e027a2da46d38f3ef76c (patch)
tree: 109cec0b0bbd681b679730827039748793b5f58c
parent: 931c2f40e7f7c7698956adecf14814dc0559f801 (diff)
download: gitea-4b3ebda0e78983682003e027a2da46d38f3ef76c.tar.gz
gitea-4b3ebda0e78983682003e027a2da46d38f3ef76c.zip
2 files changed, 10 insertions, 0 deletions
diff --git a/modules/charset/escape.go b/modules/charset/escape.go
index abe813b465..d2e8fb0d87 100644
--- a/modules/charset/escape.go
+++ b/modules/charset/escape.go
@@ -74,6 +74,7 @@ readingloop:
 	for err == nil {
 		n, err = text.Read(buf[readStart:])
 		bs := buf[:n+readStart]
+		n = len(bs)
 		i := 0
 
 		for i < len(bs) {
diff --git a/modules/charset/escape_test.go b/modules/charset/escape_test.go
index dec92b4992..1804381413 100644
--- a/modules/charset/escape_test.go
+++ b/modules/charset/escape_test.go
@@ -200,3 +200,12 @@ func TestEscapeControlReader(t *testing.T) {
 		})
 	}
 }
+
+func TestEscapeControlReader_panic(t *testing.T) {
+	bs := make([]byte, 0, 20479)
+	bs = append(bs, 'A')
+	for i := 0; i < 6826; i++ {
+		bs = append(bs, []byte("—")...)
+	}
+	_, _ = EscapeControlBytes(bs)
+}
author	zeripath <art27@cantab.net>	2022-02-19 15:25:31 +0000
committer	GitHub <noreply@github.com>	2022-02-19 15:25:31 +0000
commit	4b3ebda0e78983682003e027a2da46d38f3ef76c (patch)
tree	109cec0b0bbd681b679730827039748793b5f58c
parent	931c2f40e7f7c7698956adecf14814dc0559f801 (diff)
download	gitea-4b3ebda0e78983682003e027a2da46d38f3ef76c.tar.gz gitea-4b3ebda0e78983682003e027a2da46d38f3ef76c.zip