зеркало из https://github.com/golang/net.git
27ecd3f315
The bpf VM did not correctly check the bounds of LoadMemShift
instructions, as it used a size of 0 instead of the correct 1.
A LoadMemShift instruction 1 past the end of the input resulted in a
runtime panic:
panic(0x5c1d40, 0x7cec00)
/usr/local/go/src/runtime/panic.go:522 +0x1b5
golang.org/x/net/bpf.loadMemShift(...)
/home/afabre/go/pkg/mod/golang.org/x/net@v0.0.0-20190603091049-60506f45cf65/bpf/vm_instructions.go:137
golang.org/x/net/bpf.(*VM).Run(0xc00000ec40, 0xc0000173c8, 0x2, 0x8, 0x2, 0xc0000173c8, 0x0)
/home/afabre/go/pkg/mod/golang.org/x/net@v0.0.0-20190603091049-60506f45cf65/bpf/vm.go:131 +0xb0a
Fix this, and rework the out of bounds tests for load instructions to:
* Use an offset one past the end of the input, to catch this
* Use a filter that returns 1, to catch cases were the out of bounds
load does not cause a panic, but does not cause the VM to return 0.
Change-Id: I1e68886915207a34f59765805f907f36dc031f70
Reviewed-on: https://go-review.googlesource.com/c/net/+/180979
Run-TryBot: Matt Layher <mdlayher@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Matt Layher <mdlayher@gmail.com>
|
||
|---|---|---|
| .. | ||
| testdata | ||
| asm.go | ||
| constants.go | ||
| doc.go | ||
| instructions.go | ||
| instructions_test.go | ||
| setter.go | ||
| vm.go | ||
| vm_aluop_test.go | ||
| vm_bpf_test.go | ||
| vm_extension_test.go | ||
| vm_instructions.go | ||
| vm_jump_test.go | ||
| vm_load_test.go | ||
| vm_ret_test.go | ||
| vm_scratch_test.go | ||
| vm_test.go | ||