Decode Array - Panic: Allocation size out of range Error #373

brianshih1 · 2024-04-19T23:07:23Z

Hello! I've been using Golang's fuzzer to test how ParseBytes deal with data that doesn't match the schema. I've reproduced an edge case where ParseBytes panics with panic: runtime: allocation size out of range. Here is the code:

package main

import "github.com/hamba/avro/v2"

func main() {
	rawSchema := []byte("{\"items\":{\"type\":\"boolean\"},\"type\":\"array\"}")

	schema, _ := avro.ParseBytes(rawSchema)

	data := []byte("\x02\x00\xe9\xe9\xe9\xe9\xe9\xe9\xe9\xe9\x00")
	var container any
	avro.Unmarshal(schema, data, &container)
}

This is the line of code that leads to the error. The size is 29787588086545014 while the maxAlloc size is const maxAlloc untyped int = (1 << heapAddrBits) - (1-_64bit)*1 // 281474976710656. Perhaps we should do a check here and return an error if it exceeds the maxAlloc size?

In my opinion ParseBytes should never panic and should instead return an error when dealing with invalid data.

The text was updated successfully, but these errors were encountered:

brianshih1 · 2024-04-20T00:32:43Z

PR to fix it: #374

brianshih1 changed the title ~~Panic: Allocation size out of range Error~~ Decode Array - Panic: Allocation size out of range Error Apr 19, 2024

brianshih1 mentioned this issue Apr 20, 2024

Check for max allocation #374

Merged

nrwiersma closed this as completed Apr 20, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Decode Array - Panic: Allocation size out of range Error #373

Decode Array - Panic: Allocation size out of range Error #373

brianshih1 commented Apr 19, 2024

brianshih1 commented Apr 20, 2024

Decode Array - Panic: Allocation size out of range Error #373

Decode Array - Panic: Allocation size out of range Error #373

Comments

brianshih1 commented Apr 19, 2024

brianshih1 commented Apr 20, 2024