fuzzing: fixed calculation of serializedSize() in features.go
This commit fixes an incorrectly calculated size of a *FeatureVector in the serializedSize() function. go-fuzz found that when calling NewFeatureVectorFromReader, if a flag is invalid, it is not added to f.flags. However, it will skip the index that wasn't included. This becomes a problem when serializedSize() calculates the length of f.flags via len() which can lead to an index out of range since certain flags may be missing.
parent
7662ea5d4d
commit
d65f17f1b1
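--- a/features.go
+++ b/features.go
@@ -113,7 +113,19 @@ func (f *FeatureVector) SetFeatureFlag(name featureName, flag featureFlag) error
 // serializedSize returns the number of bytes which is needed to represent
 // feature vector in byte format.
 func (f *FeatureVector) serializedSize() uint16 {
-return uint16(math.Ceil(float64(flagBitsSize*len(f.flags)) / 8))
+// Find the largest index in f.flags
+max := -1
+for index := range f.flags {
+if index > max {
+max = index
+}
+}
+if max == -1 {
+return 0
+}
+// We calculate length via the largest index in f.flags so as to not
+// get an index out of bounds in Encode's setFlag function.
+return uint16(math.Ceil(float64(flagBitsSize*(max+1)) / 8))
 }
 
 // NewFeatureVectorFromReader decodes the feature vector from binary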
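Review bot: The final `return uint16(math.Ceil(float64(flagBitsSize*(max+1)) / 8))` in serializedSize still narrows to uint16 with no bound on `max`, so a large enough index would yield a size smaller than what Encode's setFlag needs, which is the same out-of-range access this commit is removing. Whether such an index can reach f.flags depends on NewFeatureVectorFromReader and SetFeatureFlag, which lie outside this hunk, so either bound the index where flags are inserted or check the bit count before narrowing. The float round trip is also unnecessary for a ceiling division; `bits := flagBitsSize * (max + 1)` followed by `return uint16((bits + 7) / 8)` is exact and drops the math dependency here. A regression test that decodes the go-fuzz input and re-encodes it would pin the fix.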