diff options
author | zeripath <art27@cantab.net> | 2022-02-19 15:34:32 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-02-19 23:34:32 +0800 |
commit | fa9be550183204ceef313bf1aeb532c037df7bca (patch) | |
tree | d861085745952b2266e05c04cdf9ad29009447a9 /modules | |
parent | 458239b46d16987a8df19e5bd68d1838435f994d (diff) | |
download | gitea-fa9be550183204ceef313bf1aeb532c037df7bca.tar.gz gitea-fa9be550183204ceef313bf1aeb532c037df7bca.zip |
Fix panic in EscapeReader (#18820) (#18821)
Backport #18820
There is a potential panic due to a mistaken resetting of the length parameter when
multibyte characters go over a read boundary.
Signed-off-by: Andrew Thornton <art27@cantab.net>
Diffstat (limited to 'modules')
-rw-r--r-- | modules/charset/escape.go | 1 | ||||
-rw-r--r-- | modules/charset/escape_test.go | 9 |
2 files changed, 10 insertions, 0 deletions
diff --git a/modules/charset/escape.go b/modules/charset/escape.go index abe813b465..d2e8fb0d87 100644 --- a/modules/charset/escape.go +++ b/modules/charset/escape.go @@ -74,6 +74,7 @@ readingloop: for err == nil { n, err = text.Read(buf[readStart:]) bs := buf[:n+readStart] + n = len(bs) i := 0 for i < len(bs) { diff --git a/modules/charset/escape_test.go b/modules/charset/escape_test.go index dec92b4992..1804381413 100644 --- a/modules/charset/escape_test.go +++ b/modules/charset/escape_test.go @@ -200,3 +200,12 @@ func TestEscapeControlReader(t *testing.T) { }) } } + +func TestEscapeControlReader_panic(t *testing.T) { + bs := make([]byte, 0, 20479) + bs = append(bs, 'A') + for i := 0; i < 6826; i++ { + bs = append(bs, []byte("—")...) + } + _, _ = EscapeControlBytes(bs) +} |