golang/go

encoding/gob: decoding hangs

dvyukov opened this issue · 2 comments

dvyukov commented

go version devel +8ea2438 Fri Apr 17 13:44:30 2015 +0300 linux/amd64
with https://go-review.googlesource.com/#/c/8942/ appled.

The following program hangs:

package main

import (
    "bytes"
    "encoding/gob"
    "encoding/hex"
)

func main() {
    data, _ := hex.DecodeString("10fe010f020102fe01100001fe010e000025fe010d030102fe010e0001020103" +
        "4e756d01040001084368696c6472656e01fe01100000000bfe011000f8060102" +
        "00de010400")
    gob.NewDecoder(bytes.NewReader(data)).Decode(nil)
}

The stack looks as:

SIGABRT: abort

goroutine 1 [running]:
runtime.deferreturn(0xc20807a000)
    src/runtime/panic.go:298 +0xb6 fp=0xc208083900 sp=0xc2080838b0
encoding/gob.(*Decoder).ignoreStruct(0xc20807a000, 0xc2080112c0)
    src/encoding/gob/decode.go:499 +0x1db fp=0xc208083998 sp=0xc208083900
encoding/gob.(*Decoder).decIgnoreOpFor.func5(0xc208013880, 0xc2080136c0, 0x0, 0x0, 0x0)
    src/encoding/gob/decode.go:916 +0x37 fp=0xc2080839b0 sp=0xc208083998
encoding/gob.(*Decoder).ignoreArrayHelper(0xc20807a000, 0xc2080136c0, 0xc20800af40, 0x6010200de01)
    src/encoding/gob/decode.go:578 +0x19a fp=0xc208083a30 sp=0xc2080839b0
encoding/gob.(*Decoder).ignoreSlice(0xc20807a000, 0xc2080136c0, 0xc20800af40)
    src/encoding/gob/decode.go:625 +0x54 fp=0xc208083a58 sp=0xc208083a30
encoding/gob.(*Decoder).decIgnoreOpFor.func4(0xc208013800, 0xc2080136c0, 0x0, 0x0, 0x0)
    src/encoding/gob/decode.go:905 +0x3c fp=0xc208083a78 sp=0xc208083a58
encoding/gob.(*Decoder).ignoreSingle(0xc20807a000, 0xc2080112a0)
    src/encoding/gob/decode.go:512 +0x20d fp=0xc208083b00 sp=0xc208083a78
encoding/gob.(*Decoder).decodeIgnoredValue(0xc20807a000, 0x88)
    src/encoding/gob/decode.go:1208 +0xf6 fp=0xc208083b48 sp=0xc208083b00
encoding/gob.(*Decoder).decodeValue(0xc20807a000, 0x88, 0x0, 0x0, 0x0)
    src/encoding/gob/decode.go:1171 +0xbf fp=0xc208083c50 sp=0xc208083b48
encoding/gob.(*Decoder).DecodeValue(0xc20807a000, 0x0, 0x0, 0x0, 0x0, 0x0)
    src/encoding/gob/decoder.go:210 +0x204 fp=0xc208083d20 sp=0xc208083c50
encoding/gob.(*Decoder).Decode(0xc20807a000, 0x0, 0x0, 0x0, 0x0)
    src/encoding/gob/decoder.go:176 +0x82 fp=0xc208083dd0 sp=0xc208083d20
main.main()
    /tmp/gob.go:23 +0x417 fp=0xc208083f90 sp=0xc208083dd0
mdempsky commented

The problem is the header claims to have a 6 trillion element slice of structs, but ignoreArrayHelper doesn't check for state.b.Len() == 0 like decodeArrayHelper does, so it just keeps retrying at EOF. I'll mail a CL.

mdempsky commented

This was fixed by 4d01922.