[BUG]: slice bounds out of range at modules/git #9205

Closed
opened 2025-11-02 08:32:11 -06:00 by GiteaMirror · 4 comments

Originally created by @secsys-go on GitHub (Jul 11, 2022).

Description

I tried to parse some data with ParseTreeEntries in modules/git, but it crashed instead of returning an error

```go
package main

import "code.gitea.io/gitea/modules/git"

func main() {
	git.ParseTreeEntries([]byte("1006440000000000000000000000000000000000000000000000000000000000000000000000\t\n1006440000000000000000000000000000000000000000000000000000000000000000000000\t\n1006440000000000000000000000000000000000000000000000000000000000000000000000\t\n1006440000000000000000000000000000000000000000000000"))
}
```

Found by go-fuzz

Gitea Version

with git commit as ee769f7459

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

No response

Screenshots

No response

Git Version

No response

Operating System

Ubuntu

How are you running Gitea?

I test the API in Gitea through go-fuzz

Database

No response

GiteaMirror added the type/bug label 2025-11-02 08:32:11 -06:00

@lunny commented on GitHub (Jul 11, 2022):

So I assume you are using SHA256 but not SHA1 ?


@wxiaoguang commented on GitHub (Jul 11, 2022):

> So I assume you are using SHA256 but not SHA1 ?

Since that's generated by a fuzz test, it doesn't need to be SHA256 or SHA1.


@Gusted commented on GitHub (Jul 11, 2022):

Fuzzing Gitea directly by calling its function is risky and IMO incorrect, because you want to make sure that fuzz-data go through all stages as a normal workflow would, so just fuzzing a specific function in modules/ is useless as there's a good chance that before that function is called within Gitea it already did go through other checks, not all validation and sanity checks live in modules/ but can also live at go-chi level or in the routers/ level. Well they do present an interesting case, unless it's actually "actionable" it isn't worth adding checks when they may already exist.


I had a quick look at the function and there are two references, one is for testing and the other reference is a helper function for parsing the raw stdout of git commands. Unless git decides to change this output or somehow be able to corrupt the output this panic cannot ever exist.


@wxiaoguang commented on GitHub (Oct 7, 2022):

-> Refactor parseTreeEntries, speed up tree list #21368

The minimal reproducible case is:

```go
package main

import "code.gitea.io/gitea/modules/git"

func main() {
	// Panics with "runtime error: slice bounds out of range":
	// the record ends after the object ID, with no tab or file name.
	git.ParseTreeEntries([]byte("100644 blob ea0d83c9081af9500ac9f804101b3fd0a5c293af"))
}
```
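Added example, not part of the issue thread and not Gitea's code: a bounds-checked parser for `<mode> <type> <hex-id>\t<name>` records that returns an error on the truncated inputs reported above instead of panicking. The names `Entry`, `parseLsTree` and `ErrMalformed` are hypothetical, the inputs in `main` are constructed from the issue's minimal case, and the record layout assumed is the default `git ls-tree` output.

```go
package main

import (
	"bytes"
	"encoding/hex"
	"errors"
	"fmt"
)

// Entry is a hypothetical type for this example, not Gitea's TreeEntry.
type Entry struct{ Mode, Type, ID, Name string }
var ErrMalformed = errors.New("malformed ls-tree record")

// parseLsTree locates every field boundary by searching, never by a fixed
// offset, so truncated input yields an error instead of a slice-bounds panic.
func parseLsTree(data []byte) ([]Entry, error) {
	var out []Entry
	for len(data) > 0 {
		line := data
		if nl := bytes.IndexByte(data, '\n'); nl >= 0 {
			line, data = data[:nl], data[nl+1:]
		} else {
			data = nil // final record without a trailing newline
		}
		tab := bytes.IndexByte(line, '\t')
		if tab < 0 || tab == len(line)-1 {
			return nil, fmt.Errorf("%w: no tab-separated name in %q", ErrMalformed, line)
		}
		f := bytes.Split(line[:tab], []byte(" "))
		if len(f) != 3 || len(f[0]) == 0 || len(f[1]) == 0 {
			return nil, fmt.Errorf("%w: want \"mode type id\" in %q", ErrMalformed, line[:tab])
		}
		// Accept SHA-1 (40 hex chars) and SHA-256 (64 hex chars) object IDs.
		if n := len(f[2]); n != 40 && n != 64 {
			return nil, fmt.Errorf("%w: object id length %d", ErrMalformed, n)
		}
		if _, err := hex.DecodeString(string(f[2])); err != nil {
			return nil, fmt.Errorf("%w: object id is not hex", ErrMalformed)
		}
		out = append(out, Entry{string(f[0]), string(f[1]), string(f[2]), string(line[tab+1:])})
	}
	return out, nil
}

func main() {
	fmt.Println(parseLsTree([]byte("100644 blob ea0d83c9081af9500ac9f804101b3fd0a5c293af\tREADME.md\n")))
	fmt.Println(parseLsTree([]byte("100644 blob ea0d83c9081af9500ac9f804101b3fd0a5c293af")))
}
```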
Reference: github-starred/gitea#9205