projects / golang-1.15.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d2b6983) | patch
[PATCH] [release-branch.go1.15] math/big: check for excessive exponents in Rat.SetString
authorRobert Griesemer <gri@golang.org>
Sun, 2 May 2021 18:27:03 +0000 (11:27 -0700)
committerShengjing Zhu <zhsj@debian.org>
Tue, 13 Jul 2021 05:55:42 +0000 (06:55 +0100)
commit18d94d85a9cb8ad7416727f4ae4543bd636b306e
tree8d81fd8cb1523bfed0f78dca3ee4bfe27909170btree | snapshot
parentd2b6983979feb28be7a982031ac4de6e705ca957commit | diff
[PATCH] [release-branch.go1.15] math/big: check for excessive exponents in Rat.SetString

Found by OSS-Fuzz https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33284

Thanks to Emmanuel Odeke for reporting this issue.

Updates #45910
Fixes #46305
Fixes CVE-2021-33198

Change-Id: I61e7b04dbd80343420b57eede439e361c0f7b79c
Reviewed-on: https://go-review.googlesource.com/c/go/+/316149
Trust: Robert Griesemer <gri@golang.org>
Trust: Katie Hockman <katie@golang.org>
Run-TryBot: Robert Griesemer <gri@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Katie Hockman <katie@golang.org>
Reviewed-by: Emmanuel Odeke <emmanuel@orijtech.com>
(cherry picked from commit 6c591f79b0b5327549bd4e94970f7a279efb4ab0)
Reviewed-on: https://go-review.googlesource.com/c/go/+/321831
Run-TryBot: Katie Hockman <katie@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Gbp-Pq: Name 0012-CVE-2021-33198.patch
src/math/big/ratconv.go diff | blob | history
src/math/big/ratconv_test.go diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.