ref: be7b830f33ca947fc6109e631c40b1c3e10666dd
parent: be190fdb0d43592a3c8304fa4a1919a685e10b72
author: bep <[email protected]>
date: Thu Apr 30 09:25:45 EDT 2015
tpl: add sanity check to prevent panic in seq on big nums Fixes #1092
--- a/helpers/general.go
+++ b/helpers/general.go
@@ -264,10 +264,14 @@
}
}
+ // sanity check
+ if last < -100000 {+ return nil, errors.New("size of result exeeds limit")+ }
size := int(((last - first) / inc) + 1)
// sanity check
- if size > 2000 {+ if size <= 0 || size > 2000 { return nil, errors.New("size of result exeeds limit")}
--- a/tpl/template_test.go
+++ b/tpl/template_test.go
@@ -8,6 +8,11 @@
// Test for bugs discovered by https://github.com/dvyukov/go-fuzz
func TestTplGoFuzzReports(t *testing.T) {+
+ // The following test case(s) also fail
+ // See https://github.com/golang/go/issues/10634
+ //{"{{ seq 433937734937734969526500969526500 }}", 2}}+
for i, this := range []struct {data string
expectErr int
@@ -17,7 +22,8 @@
// Issue #1090
{"{{ slicestr \"000000\" 10}}", 2},// Issue #1091
- {"{{apply .C \"first\" 0 0 0}}", 2}} {+ {"{{apply .C \"first\" 0 0 0}}", 2},+ {"{{seq 3e80}}", 2}} {templ := New()
d := &Data{@@ -26,6 +32,9 @@
C: []int{1, 2, 3}, D: map[int]string{1: "foo", 2: "bar"}, E: Data1{42, "foo"},+ F: []string{"a", "b", "c"},+ G: []string{"a", "b", "c", "d", "e"},+ H: "a,b,c,d,e,f",
}
err := templ.AddTemplate("fuzz", this.data)@@ -52,6 +61,9 @@
C []int
D map[int]string
E Data1
+ F []string
+ G []string
+ H string
}
type Data1 struct {