From be7b830f33ca947fc6109e631c40b1c3e10666dd Mon Sep 17 00:00:00 2001
From: bep
Date: Thu, 30 Apr 2015 13:25:45 +0200
Subject: [PATCH] tpl: add sanity check to prevent panic in seq on big nums

Fixes #1092
---
 helpers/general.go | 6 +++++-
 tpl/template_test.go | 14 +++++++++++++-
 2 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/helpers/general.go b/helpers/general.go
index f6e0cbc4f..dc9029b06 100644
--- a/helpers/general.go
+++ b/helpers/general.go
@@ -264,10 +264,14 @@ func Seq(args ...interface{}) ([]int, error) {
 }
 }
+ // sanity check
+ if last < -100000 {
+ return nil, errors.New("size of result exeeds limit")
+ }
 size := int(((last - first) / inc) + 1)
 // sanity check
- if size > 2000 {
+ if size <= 0 || size > 2000 {
 return nil, errors.New("size of result exeeds limit")
 }
diff --git a/tpl/template_test.go b/tpl/template_test.go
index c7cd20f55..0c68516e5 100644
--- a/tpl/template_test.go
+++ b/tpl/template_test.go
@@ -8,6 +8,11 @@ import (
 // Test for bugs discovered by https://github.com/dvyukov/go-fuzz
 func TestTplGoFuzzReports(t *testing.T) {
+
+ // The following test case(s) also fail
+ // See https://github.com/golang/go/issues/10634
+ //{"{{ seq 433937734937734969526500969526500 }}", 2}}
+
 for i, this := range []struct {
 data string
 expectErr int
@@ -17,7 +22,8 @@ func TestTplGoFuzzReports(t *testing.T) {
 // Issue #1090
 {"{{ slicestr \"000000\" 10}}", 2},
 // Issue #1091
- {"{{apply .C \"first\" 0 0 0}}", 2}} {
+ {"{{apply .C \"first\" 0 0 0}}", 2},
+ {"{{seq 3e80}}", 2}} {
 templ := New()
 d := &Data{
@@ -26,6 +32,9 @@ func TestTplGoFuzzReports(t *testing.T) {
 C: []int{1, 2, 3},
 D: map[int]string{1: "foo", 2: "bar"},
 E: Data1{42, "foo"},
+ F: []string{"a", "b", "c"},
+ G: []string{"a", "b", "c", "d", "e"},
+ H: "a,b,c,d,e,f",
 }
 err := templ.AddTemplate("fuzz", this.data)
@@ -52,6 +61,9 @@ type Data struct {
 C []int
 D map[int]string
 E Data1
+ F []string
+ G []string
+ H string
 }
 type Data1 struct {
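Review bot: The new floor on `last` is one-sided, so `(last - first) / inc` is still evaluated unchecked for every other extreme, such as a very large positive `last` or a very negative `first`. If these are machine-width ints (their declarations sit above the hunk, so this is an assumption), the subtraction can wrap and leave a `size` inside 1..2000 that presumably no longer matches the range the rest of Seq walks; `size <= 0` only catches the wraps that land non-positive. I would bound both operands before the subtraction, e.g. `if first < -seqLimit || first > seqLimit || last < -seqLimit || last > seqLimit {`, with `seqLimit` a named constant replacing the bare `-100000` and a comment saying why that value was chosen. Seq starts and ends outside the hunk, so the handling of `inc == 0` could not be checked from here.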
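Review bot: The commented-out case in TestTplGoFuzzReports records an input that still fails but not how it fails, and as a plain comment it will stay disabled after golang/go#10634 is resolved. A marker such as `// TODO: enable once golang/go#10634 is fixed; currently fails with <failure mode>` would make the remaining gap explicit and searchable. The commented literal also ends in `2}}`, so the extra closing brace would need to become `2},` when the case is moved back into the table.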
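Review bot: `{"{{seq 3e80}}", 2}` is the only input exercising the new checks, and it reaches them through template parsing and number conversion, so it does not pin which of the two guards in helpers.Seq rejects it. Neither the 2000-element limit nor the `-100000` floor has a case just past it; entries such as `{"{{seq 1 2001}}", 2},` and `{"{{seq -100001}}", 2},` would cover both, assuming `expectErr` 2 means an execution-time error as the neighbouring cases suggest. The table and the loop body continue outside the hunk.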
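Review bot: Fields `F`, `G` and `H` are added to the fixture here and to the `Data` struct in the last hunk, but no test case visible in this patch references them. If they belong to other fuzz reports they would be easier to review in the commit that adds those cases. Otherwise a comment on the struct such as `// F, G, H: inputs for <template funcs under test>` would tell the next reader why they exist.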