    encoder: Fix GLOBAL emission wrt module/name with \n · 6e5e403e
    Kirill Smelkov authored
    Caught via fuzzing:
    
    	"\x8c\x030\n02\x93."
    
            0: \x8c SHORT_BINUNICODE '0\n0'
            5: 2    DUP
            6: \x93 STACK_GLOBAL
            7: .    STOP
    
    	panic: protocol 0: decode back error: err
    	pickle: "c0\n0\n0\n0\n."
    
    	goroutine 1 [running]:
    	github.com/kisielk/og-rek.Fuzz(0x7f2f1009a000, 0x8, 0x200000, 0x3)
    	        /tmp/go-fuzz-build645492341/gopath/src/github.com/kisielk/og-rek/fuzz.go:47 +0x8b8
    	go-fuzz-dep.Main(0x525e10)
    	        /tmp/go-fuzz-build645492341/goroot/src/go-fuzz-dep/main.go:49 +0xad
    	main.main()
    	        /tmp/go-fuzz-build645492341/gopath/src/github.com/kisielk/og-rek/go.fuzz.main/main.go:10 +0x2d
    	exit status 2
    
    i.e. '0\n0' module name was emitted as-is as part of text-based GLOBAL which
    completely broke pickle stream.
    
    For reference, Python decodes such globals with \n in the name just fine:
    
    	In [10]: s = b"S'decimal\\nq'\nS'Decimal'\n\x93."
    
    	In [11]: pickle.loads(s)
    	---------------------------------------------------------------------------
    	ModuleNotFoundError                       Traceback (most recent call last)
    	<ipython-input-11-764e4625bc41> in <module>()
    	----> 1 pickle.loads(s)
    
    	ModuleNotFoundError: No module named 'decimal\nq'
    
    	In [12]: import sys
    
    	In [15]: d = sys.modules['decimal']
    
    	In [16]: sys.modules['decimal\nq'] = d
    
    	In [17]: pickle.loads(s)
    	Out[17]: decimal.Decimal
fuzz.go 1.7 KB
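
The failure described in the commit message, as an added Go example (not og-rek's code and not the change made in this commit): a text GLOBAL written without checking its arguments reads back as a different module/name, while a length-prefixed encoding with STACK_GLOBAL carries the newline intact. The function names are hypothetical, and the example uses BINUNICODE where the fuzzer input used SHORT_BINUNICODE.

```go
package main

import (
	"bytes"
	"fmt"
	"strings"
)

var errNewline = fmt.Errorf("module/name with \\n cannot be written as text GLOBAL")

// naiveGlobal writes text GLOBAL ("c<module>\n<name>\n") and STOP, unchecked.
func naiveGlobal(module, name string) []byte {
	return []byte("c" + module + "\n" + name + "\n.")
}

// unicodeOp writes BINUNICODE: 'X', 4-byte little-endian length, UTF-8 bytes.
func unicodeOp(s string) []byte {
	n := len(s)
	return append([]byte{'X', byte(n), byte(n >> 8), byte(n >> 16), byte(n >> 24)}, s...)
}

// safeGlobal (hypothetical helper): length-prefixed strings + STACK_GLOBAL for
// protocol >= 4; for older protocols, refuse names the text form cannot carry.
func safeGlobal(module, name string, proto int) ([]byte, error) {
	if proto >= 4 {
		out := append(unicodeOp(module), unicodeOp(name)...)
		return append(out, 0x93, '.'), nil // STACK_GLOBAL, STOP
	}
	if strings.Contains(module, "\n") || strings.Contains(name, "\n") {
		return nil, errNewline
	}
	return naiveGlobal(module, name), nil
}

// readTextGlobal reads GLOBAL as a decoder does: arguments end at the first \n.
func readTextGlobal(p []byte) (module, name string, rest []byte, ok bool) {
	f := bytes.SplitN(p, []byte("\n"), 3)
	if len(f) < 3 || len(f[0]) == 0 || f[0][0] != 'c' {
		return "", "", nil, false
	}
	return string(f[0][1:]), string(f[1]), f[2], true
}

func main() {
	bad := naiveGlobal("0\n0", "0\n0") // module/name from the fuzzer case
	m, n, rest, _ := readTextGlobal(bad)
	fmt.Printf("%q reads back as %q %q, leftover %q\n", bad, m, n, rest)
	p4, err := safeGlobal("0\n0", "0\n0", 4)
	fmt.Printf("protocol 4: %q, err=%v\n", p4, err)
}
```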