crash_bin.zip
contents: data[tag.Offset:end],
Hello. I run fuzzing tests in my project and discovered that a panic can occur on this line: "slice bounds out of range".
Because the attached RPM file was generated by a fuzzing test and is not a "real RPM from real life", I think the logic of the code is correct. But still, some check should be added, like:
if end > len(data) {
	return nil, fmt.Errorf("failed to parse entry: fail to calculate content length")
}
go-rpmutils/header.go
Line 137 in 2660c86
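The bounds check proposed in the issue, as an added example that is not go-rpmutils code: a simplified model of a 16-byte RPM header index entry whose BIN-type contents are sliced only after the computed end is validated against the data store. The names `indexEntry`, `parseIndexEntry`, `binContents` and `errBounds` are hypothetical, and the sample bytes are constructed.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// indexEntry models one 16-byte RPM header index entry (tag, type, offset,
// count, each big-endian 32-bit). Hypothetical type, not go-rpmutils' own.
type indexEntry struct {
	Tag, Type, Offset, Count uint32
}

var errBounds = errors.New("failed to parse entry: content outside data store")

func parseIndexEntry(b []byte) (indexEntry, error) {
	if len(b) < 16 {
		return indexEntry{}, errors.New("short index entry")
	}
	return indexEntry{
		Tag:    binary.BigEndian.Uint32(b[0:4]),
		Type:   binary.BigEndian.Uint32(b[4:8]),
		Offset: binary.BigEndian.Uint32(b[8:12]),
		Count:  binary.BigEndian.Uint32(b[12:16]),
	}, nil
}

// binContents returns the bytes of a BIN-type entry, whose length is Count
// bytes. The sum is done in uint64 so offset+count cannot wrap around.
func binContents(data []byte, e indexEntry) ([]byte, error) {
	end := uint64(e.Offset) + uint64(e.Count)
	if end > uint64(len(data)) {
		return nil, errBounds
	}
	return data[e.Offset:end], nil
}

func main() {
	data := []byte("0123456789") // constructed data store
	// Constructed entries: a valid one and a fuzz-style one pointing past the end.
	good := []byte{0, 0, 4, 0, 0, 0, 0, 7, 0, 0, 0, 2, 0, 0, 0, 4}
	bad := []byte{0, 0, 4, 0, 0, 0, 0, 7, 0, 0, 0, 8, 0xff, 0xff, 0xff, 0xff}
	for _, raw := range [][]byte{good, bad} {
		e, _ := parseIndexEntry(raw)
		c, err := binContents(data, e)
		fmt.Printf("offset=%d count=%d contents=%q err=%v\n", e.Offset, e.Count, c, err)
	}
}
```

Because `end` is checked against `len(data)` and can never be smaller than the offset, a hostile offset or count yields an error instead of a "slice bounds out of range" panic.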