aboutsummaryrefslogtreecommitdiffstats
path: root/modules
diff options
context:
space:
mode:
authorzeripath <art27@cantab.net>2022-02-19 15:34:32 +0000
committerGitHub <noreply@github.com>2022-02-19 23:34:32 +0800
commitfa9be550183204ceef313bf1aeb532c037df7bca (patch)
treed861085745952b2266e05c04cdf9ad29009447a9 /modules
parent458239b46d16987a8df19e5bd68d1838435f994d (diff)
downloadgitea-fa9be550183204ceef313bf1aeb532c037df7bca.tar.gz
gitea-fa9be550183204ceef313bf1aeb532c037df7bca.zip
Fix panic in EscapeReader (#18820) (#18821)
Backport #18820 There is a potential panic due to a mistaken resetting of the length parameter when multibyte characters go over a read boundary. Signed-off-by: Andrew Thornton <art27@cantab.net>
Diffstat (limited to 'modules')
-rw-r--r--modules/charset/escape.go1
-rw-r--r--modules/charset/escape_test.go9
2 files changed, 10 insertions, 0 deletions
diff --git a/modules/charset/escape.go b/modules/charset/escape.go
index abe813b465..d2e8fb0d87 100644
--- a/modules/charset/escape.go
+++ b/modules/charset/escape.go
@@ -74,6 +74,7 @@ readingloop:
for err == nil {
n, err = text.Read(buf[readStart:])
bs := buf[:n+readStart]
+ n = len(bs)
i := 0
for i < len(bs) {
diff --git a/modules/charset/escape_test.go b/modules/charset/escape_test.go
index dec92b4992..1804381413 100644
--- a/modules/charset/escape_test.go
+++ b/modules/charset/escape_test.go
@@ -200,3 +200,12 @@ func TestEscapeControlReader(t *testing.T) {
})
}
}
+
+func TestEscapeControlReader_panic(t *testing.T) {
+ bs := make([]byte, 0, 20479)
+ bs = append(bs, 'A')
+ for i := 0; i < 6826; i++ {
+ bs = append(bs, []byte("—")...)
+ }
+ _, _ = EscapeControlBytes(bs)
+}