projects / golang-1.15.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a9c71cc) | patch
[PATCH] [release-branch.go1.15] math/big: check for excessive exponents in Rat.SetString
authorRobert Griesemer <gri@golang.org>
Sun, 2 May 2021 18:27:03 +0000 (11:27 -0700)
committerShengjing Zhu <zhsj@debian.org>
Sat, 5 Jun 2021 11:36:34 +0000 (12:36 +0100)
commit56408697005f886ac3932dc9a280026949806843
tree4378dcf5932e2685389dc39176f7c5f5e02abe53tree | snapshot
parenta9c71cc3b0f66e7d3757d1ceb30167988d83389ccommit | diff
[PATCH] [release-branch.go1.15] math/big: check for excessive exponents in Rat.SetString

Found by OSS-Fuzz https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33284

Thanks to Emmanuel Odeke for reporting this issue.

Updates #45910
Fixes #46305
Fixes CVE-2021-33198

Change-Id: I61e7b04dbd80343420b57eede439e361c0f7b79c
Reviewed-on: https://go-review.googlesource.com/c/go/+/316149
Trust: Robert Griesemer <gri@golang.org>
Trust: Katie Hockman <katie@golang.org>
Run-TryBot: Robert Griesemer <gri@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Katie Hockman <katie@golang.org>
Reviewed-by: Emmanuel Odeke <emmanuel@orijtech.com>
(cherry picked from commit 6c591f79b0b5327549bd4e94970f7a279efb4ab0)
Reviewed-on: https://go-review.googlesource.com/c/go/+/321831
Run-TryBot: Katie Hockman <katie@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Gbp-Pq: Name 0012-CVE-2021-33198.patch
src/math/big/ratconv.go diff | blob | history
src/math/big/ratconv_test.go diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.