CVE-2022-23772

author Katie Hockman <katie@golang.org>

Wed, 19 Jan 2022 21:54:41 +0000 (16:54 -0500)

committer Shengjing Zhu <zhsj@debian.org>

Fri, 4 Mar 2022 13:48:18 +0000 (13:48 +0000)
author Katie Hockman <katie@golang.org>
Wed, 19 Jan 2022 21:54:41 +0000 (16:54 -0500)
committer Shengjing Zhu <zhsj@debian.org>
Fri, 4 Mar 2022 13:48:18 +0000 (13:48 +0000)
diff --git a/src/math/big/ratconv.go b/src/math/big/ratconv.go

index ac3c8bd11f8a86756c7753c72d0454a0b9132937..90053a9c81d3b8c0fd697b4937d001a193344c93 100644 (file)
--- a/src/math/big/ratconv.go
+++ b/src/math/big/ratconv.go
@@ -169,6 +169,11 @@ func (z *Rat) SetString(s string) (*Rat, bool) {
                 n := exp5
                 if n < 0 {
                         n = -n
+                       if n < 0 {
+                               // This can occur if -n overflows. -(-1 << 63) would become
+                               // -1 << 63, which is still negative.
+                               return nil, false
+                       }
                 }
                 if n > 1e6 {
                         return nil, false // avoid excessively large exponents
diff --git a/src/math/big/ratconv_test.go b/src/math/big/ratconv_test.go

index 15d206cb386ab41dd0e79c2e5e01869413158763..e55e655718984abe1957cf3f521c602ca9393b11 100644 (file)
--- a/src/math/big/ratconv_test.go
+++ b/src/math/big/ratconv_test.go
@@ -104,6 +104,7 @@ var setStringTests = []StringTest{
         {in: "4/3/"},
         {in: "4/3."},
         {in: "4/"},
+       {in: "13e-9223372036854775808"}, // CVE-2022-23772
  
         // valid
         {"0", "0", true},
author	Katie Hockman <katie@golang.org>
	Wed, 19 Jan 2022 21:54:41 +0000 (16:54 -0500)
committer	Shengjing Zhu <zhsj@debian.org>
	Fri, 4 Mar 2022 13:48:18 +0000 (13:48 +0000)
src/math/big/ratconv.go		patch \| blob \| history
src/math/big/ratconv_test.go		patch \| blob \| history