Skip to content
Snippets Groups Projects
Commit 032ac075 authored by Roland Shoemaker's avatar Roland Shoemaker Committed by Gopher Robot
Browse files

[release-branch.go1.23] go/build/constraint: add parsing limits 

Limit the size of build constraints that we will parse. This prevents a
number of stack exhaustions that can be hit when parsing overly complex
constraints. The imposed limits are unlikely to ever be hit in real
world usage.

Updates #69141
Fixes #69149
Fixes CVE-2024-34158

Change-Id: I38b614bf04caa36eefc6a4350d848588c4cef3c4
Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/1540


Reviewed-by: default avatarDamien Neil <dneil@google.com>
Reviewed-by: default avatarRuss Cox <rsc@google.com>
(cherry picked from commit 0c74dc9e0da0cf1e12494b514d822b5bebbc9f04)
Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/1562


Commit-Queue: Roland Shoemaker <bracewell@google.com>
Reviewed-by: default avatarTatiana Bradley <tatianabradley@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/611177


Reviewed-by: default avatarMichael Pratt <mpratt@google.com>
TryBot-Bypass: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: default avatarDmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Dmitri Shuralyov <dmitshur@google.com>
parent fa8ff1a4
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment