fuzzing: fixed calculation of serializedSize() in features.go
This commit fixes an incorrectly calculated size of a *FeatureVector in the serializedSize() function. go-fuzz found that when calling NewFeatureVectorFromReader, if a flag is invalid, it is not added to f.flags. However, it will skip the index that wasn't included. This becomes a problem when serializedSize() calculates the length of f.flags via len() which can lead to an index out of range since certain flags may be missing.
parent
7662ea5d4d
commit
d65f17f1b1
@ -113,7 +113,19 @@ func (f *FeatureVector) SetFeatureFlag(name featureName, flag featureFlag) error
|
|||||||
// serializedSize returns the number of bytes which is needed to represent
|
// serializedSize returns the number of bytes which is needed to represent
|
||||||
// feature vector in byte format.
|
// feature vector in byte format.
|
||||||
func (f *FeatureVector) serializedSize() uint16 {
|
func (f *FeatureVector) serializedSize() uint16 {
|
||||||
return uint16(math.Ceil(float64(flagBitsSize*len(f.flags)) / 8))
|
// Find the largest index in f.flags
|
||||||
|
max := -1
|
||||||
|
for index := range f.flags {
|
||||||
|
if index > max {
|
||||||
|
max = index
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if max == -1 {
|
||||||
|
return 0
|
||||||
|
}
|
||||||
|
// We calculate length via the largest index in f.flags so as to not
|
||||||
|
// get an index out of bounds in Encode's setFlag function.
|
||||||
|
return uint16(math.Ceil(float64(flagBitsSize*(max+1)) / 8))
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewFeatureVectorFromReader decodes the feature vector from binary
|
// NewFeatureVectorFromReader decodes the feature vector from binary
|
||||||
|
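Review bot: The final `uint16(...)` conversion in serializedSize still truncates silently, so if any index in f.flags can push `flagBitsSize*(max+1)/8` past 65535, the returned size wraps and Encode's setFlag could again index beyond the buffer. Nothing visible in this hunk bounds the index, so that is worth confirming against NewFeatureVectorFromReader and SetFeatureFlag. The ceiling can also be computed without floating point: `return uint16((flagBitsSize*(max+1) + 7) / 8)`. Because NewFeatureVectorFromReader presumably parses data that arrives from outside the process, a regression test that decodes a vector containing an invalid flag and then encodes it would pin the fix; no such test is visible on this page. Renaming the local `max` (for example to `maxIndex`) avoids shadowing the built-in of the same name in newer Go versions.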