Skip to content

Commit

Permalink
Prevent overflow and panic on large HTTP responses (#1351)
Browse files Browse the repository at this point in the history
  • Loading branch information
@lpar
lpar committed Jul 29, 2022
1 parent f3513cc commit 42f83c6
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 0 deletions.
6 changes: 6 additions & 0 deletions http.go
View file
Expand Up @@ -8,6 +8,7 @@ import (
"errors"
"fmt"
"io"
"math"
"mime/multipart"
"net"
"os"
Expand Down Expand Up @@ -2278,5 +2279,10 @@ func round2(n int) int {
x |= x >> 8
x |= x >> 16

// Make sure we don't return 0 due to overflow, even on 32 bit systems
if x >= uint32(math.MaxInt32) {
return math.MaxInt32
}

return int(x + 1)
}
2 changes: 2 additions & 0 deletions http_test.go
View file
Expand Up @@ -8,6 +8,7 @@ import (
"fmt"
"io"
"io/ioutil"
"math"
"mime/multipart"
"net/http"
"net/http/httptest"
Expand Down Expand Up @@ -1963,6 +1964,7 @@ func TestRound2(t *testing.T) {
testRound2(t, 8, 8)
testRound2(t, 9, 16)
testRound2(t, 0x10001, 0x20000)
testRound2(t, math.MaxInt32-1, math.MaxInt32)
}

func testRound2(t *testing.T, n, expectedRound2 int) {
Expand Down

0 comments on commit 42f83c6

Please sign in to comment.