From b20cf0133b27893a2c6cd2c13fad3546c0d39875 Mon Sep 17 00:00:00 2001 From: Nick Craig-Wood Date: Sat, 30 Dec 2023 17:15:29 +0000 Subject: [PATCH] squashfs: fix slice bounds out of range when parsing xattr Before this fix the code crashed with errors like panic: runtime error: slice bounds out of range [282:270] [recovered] When reading xattrs. This was caused by a mixup of indices in the code. This fix is tested by TestSquashfsReadDirCornerCases and causes it to run clean. --- filesystem/squashfs/xattr.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/filesystem/squashfs/xattr.go b/filesystem/squashfs/xattr.go index f63d4029..e1894217 100644 --- a/filesystem/squashfs/xattr.go +++ b/filesystem/squashfs/xattr.go @@ -45,7 +45,7 @@ func (x *xAttrTable) find(pos int) (map[string]string, error) { xattrs := map[string]string{} for i := 0; i < int(count); i++ { // must be 4 bytes for header - if len(b[pos:]) < 4 { + if len(b[ptr:]) < 4 { return nil, fmt.Errorf("insufficient bytes %d to read the xattr at position %d", len(b[ptr:]), ptr) } // get the type and size @@ -56,7 +56,7 @@ func (x *xAttrTable) find(pos int) (map[string]string, error) { valStart := valHeaderStart + 4 // make sure we have enough bytes if len(b[nameStart:]) < xSize { - return nil, fmt.Errorf("xattr header has size %d, but only %d bytes available to read at position %d", xSize, len(b[pos+4:]), ptr) + return nil, fmt.Errorf("xattr header has size %d, but only %d bytes available to read at position %d", xSize, len(b[ptr+4:]), ptr) } if xSize < 1 { return nil, fmt.Errorf("no name given for xattr at position %d", ptr)