Stowage/go
2
0
Fork 0
mirror of https://github.com/golang/go.git synced 2025-12-08 06:10:04 +00:00
Code Issues Projects Releases Packages Wiki Activity

cmd/go: check pattern for utf8 validity before call regexp.MustCompile

Browse source 
Do not panic if the package path or the package version contains
invalid UTF-8 characters.

Fixes #75251

Change-Id: Ib787e74277cf814253857b911d378ea5e53d8824
Reviewed-on: https://go-review.googlesource.com/c/go/+/700815
Reviewed-by: Michael Matloob <matloob@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Ian Alexander <jitsu@google.com>
Reviewed-by: Michael Matloob <matloob@golang.org>
This commit is contained in:
Youlin Feng 2025-09-04 09:17:26 +08:00 committed by Michael Matloob
parent c2d85eb999
commit cbdad4fc3c
3 changed files with 24 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

6
src/cmd/go/internal/modget/query.go
View file

@ -10,6 +10,7 @@ import (
"regexp" "regexp"
"strings" "strings"
"sync" "sync"
"unicode/utf8"
"cmd/go/internal/base" "cmd/go/internal/base"
"cmd/go/internal/gover" "cmd/go/internal/gover"
@ -285,6 +286,11 @@ func reportError(q *query, err error) {
// TODO(bcmills): Use errors.As to unpack these errors instead of parsing // TODO(bcmills): Use errors.As to unpack these errors instead of parsing
// strings with regular expressions. // strings with regular expressions.
if !utf8.ValidString(q.pattern) || !utf8.ValidString(q.version) {
base.Errorf("go: %s", errStr)
return
}
patternRE := regexp.MustCompile("(?m)(?:[ \t(\"`]|^)" + regexp.QuoteMeta(q.pattern) + "(?:[ @:;)\"`]|$)") patternRE := regexp.MustCompile("(?m)(?:[ \t(\"`]|^)" + regexp.QuoteMeta(q.pattern) + "(?:[ @:;)\"`]|$)")
if patternRE.MatchString(errStr) { if patternRE.MatchString(errStr) {
if q.rawVersion == "" { if q.rawVersion == "" {

16
src/cmd/go/testdata/script/get_panic_issue75251.txt vendored Normal file
View file

@ -0,0 +1,16 @@
# Issue #75251: Don't panic if the package path or the package version
# contains invalid UTF-8 characters.
go mod init m
! go get golang.org/x/net/http/httpgutsÿv0.43.0 # contains 0xff byte
! stderr panic
stderr 'malformed module path'
! go get golang.org/x/net/http/httpgutsÿ@v0.43.0 # contains 0xff byte
! stderr panic
stderr 'malformed module path'
! go get golang.org/x/net/http/httpguts@ÿv0.43.0 # contains 0xff byte
! stderr panic
stderr 'disallowed version string'

3
src/cmd/internal/pkgpattern/pkgpattern.go
View file

@ -7,6 +7,7 @@ package pkgpattern
import ( import (
"regexp" "regexp"
"strings" "strings"
"unicode/utf8"
) )
// Note: most of this code was originally part of the cmd/go/internal/search // Note: most of this code was originally part of the cmd/go/internal/search
@ -71,7 +72,7 @@ func matchPatternInternal(pattern string, vendorExclude bool) func(name string)
const vendorChar = "\x00" const vendorChar = "\x00"
if vendorExclude && strings.Contains(pattern, vendorChar) { if vendorExclude && strings.Contains(pattern, vendorChar) || !utf8.ValidString(pattern) {
return func(name string) bool { return false } return func(name string) bool { return false }
} }