mengjinglei / snappy-go

Automatically exported from code.google.com/p/snappy-go
BSD 3-Clause "New" or "Revised" License
0 stars 0 forks source link

Decode panics when passed malformed input #7

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?

Call snappy.Decode(nil, x) where x has the form 0xff 0xff 0xff 0xff ... 0xff 
0x00. The function call issues a runtime panic.

What is the expected output? What do you see instead?

No panic and a non-nil error returned, "snappy: corrupt input" or something 
reasonable. This is the behavior if the input has fewer than five 0xff bytes.

What version of the product are you using? On what operating system?

Revision 12e4b4183793 (go1.3.1-linux-amd64)

Please provide any additional information below.

There seem to be panics in three different locations, depending on the length 
of the input. I put together a gist showing the lengths at which each different 
panic occurs.

https://gist.github.com/bmatsuo/2cad6e15c1e3a04d9879

I'm not actually positive these inputs are invalid by the spec. I just stumbled 
into them testing behavior of "github.com/mreiferson/go-snappystream" when 
decoding junk input.

Original issue reported on code.google.com by bryan.matsuo on 8 Sep 2014 at 2:11