Closed Jayl1n closed 3 years ago
Duplicate of #76
If the array size is less than 2, it still panics in the latest commit, just like in the figure below
@dhowden
Ah yes! Thanks. Happy to receive a pull request to fix :-).
@dhowden I'm sorry. My code is so terrible, but I can give you some advice if you don't have a better way to fix such bugs.
You could use the recover() function, with which the caller regains control of a panicking goroutine. See more detail
No worries :-)
I will have a look now.
Just to note: the library was built to read data from valid files (and making it conform to all the specs was bad enough, so I mostly ignored safety measures to trap bad files). Using a fuzzer will likely find lots of issues like this!
If people are using this in production environments, I would definitely recommend that they wrap all calls to the library with recover (as you suggest above) to make sure that a panic here does not bring down their entire process.
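The recover wrapper recommended above, next to the length check that removes the panic at its source, as an added example (not code from this thread or from the library). `parseUnchecked`, `parseChecked`, `Safely`, `ErrShortFrame` and the 3-byte header layout are hypothetical names and assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// ErrShortFrame is returned by the checked parser for truncated input.
var ErrShortFrame = errors.New("frame shorter than 3-byte header")

// parseUnchecked is a hypothetical stand-in for a frame parser that slices b
// without checking its length. Assumed layout: 1 encoding byte, 2 marker
// bytes, then text. It panics when len(b) is 2 or less.
func parseUnchecked(b []byte) (string, error) {
	_ = b[0]                 // encoding byte: panics on empty input
	return string(b[3:]), nil // panics when len(b) < 3
}

// parseChecked rejects short input before any slicing happens.
func parseChecked(b []byte) (string, error) {
	if len(b) < 3 {
		return "", ErrShortFrame
	}
	return parseUnchecked(b)
}

// Safely runs parse and converts a panic into an error, so a malformed file
// cannot take down the calling process. recover only sees panics raised in
// the goroutine that runs the deferred function.
func Safely(parse func([]byte) (string, error), b []byte) (s string, err error) {
	defer func() {
		if r := recover(); r != nil {
			s, err = "", fmt.Errorf("parser panicked: %v", r)
		}
	}()
	return parse(b)
}

func main() {
	// Constructed inputs: three truncated frames and one well-formed frame.
	inputs := [][]byte{{}, {0x00}, {0x00, 0xff}, {0x00, 0xff, 0xfe, 'h', 'i'}}
	for _, in := range inputs {
		_, recovered := Safely(parseUnchecked, in)
		_, checked := parseChecked(in)
		fmt.Printf("len=%d recovered=%v checked=%v\n", len(in), recovered, checked)
	}
}
```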
@Jayl1n @dhowden Nice work! Would it be possible to add your fuzzing test code to the repo?
This is the third vulnerability in id3v2frames.go
In the readTextWithDescrFrame function, you don't check the size of b; the program will panic when the size of b is 2 or less.
testcase 8eff69ad26a59a05ec11e38f3ca6c592f08dcc54.zip