From 218e744a8790a39efa88130efec46817bb57630d Mon Sep 17 00:00:00 2001
From: Will Charczuk
Date: Fri, 23 Aug 2024 08:41:44 -0700
Subject: [PATCH] narrow fix for CVE-2024-40060

---
 box.go               | 16 ++++++++++++++++
 chart_test.go        | 19 +++++++++++++++++++
 stacked_bar_chart.go |  6 ++++++
 3 files changed, 41 insertions(+)

diff --git a/box.go b/box.go
index 9611ff9..2641bd4 100644
--- a/box.go
+++ b/box.go
@@ -254,6 +254,22 @@ func (b Box) OuterConstrain(bounds, other Box) Box {
 	return newBox
 }
 
+func (b Box) Validate() error {
+	if b.Left < 0 {
+		return fmt.Errorf("invalid left; must be >= 0")
+	}
+	if b.Right < 0 {
+		return fmt.Errorf("invalid right; must be > 0")
+	}
+	if b.Top < 0 {
+		return fmt.Errorf("invalid top; must be > 0")
+	}
+	if b.Bottom < 0 {
+		return fmt.Errorf("invalid bottom; must be > 0")
+	}
+	return nil
+}
+
 // BoxCorners is a box with independent corners.
 type BoxCorners struct {
 	TopLeft, TopRight, BottomRight, BottomLeft Point
diff --git a/chart_test.go b/chart_test.go
index 8026848..8382a4c 100644
--- a/chart_test.go
+++ b/chart_test.go
@@ -573,3 +573,22 @@ func TestChartE2ELineWithFill(t *testing.T) {
 	testutil.AssertEqual(t, defaultSeriesColor, at(i, 0, 49))
 	testutil.AssertEqual(t, defaultSeriesColor, at(i, 49, 0))
 }
+
+func Test_Chart_cve(t *testing.T) {
+	poc := StackedBarChart{
+		Title: "poc",
+		Bars: []StackedBar{
+			{
+				Name: "11111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111",
+				Values: []Value{
+					{Value: 1, Label: "infinite"},
+					{Value: 1, Label: "loop"},
+				},
+			},
+		},
+	}
+
+	var imgContent bytes.Buffer
+	err := poc.Render(PNG, &imgContent)
+	testutil.AssertNotNil(t, err)
+}
diff --git a/stacked_bar_chart.go b/stacked_bar_chart.go
index 10aa545..b0c781c 100644
--- a/stacked_bar_chart.go
+++ b/stacked_bar_chart.go
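Review bot: Three of the four error messages in the new Validate are inconsistent with the check they report: the condition is `b.Right < 0` (and likewise for Top and Bottom) but the message says "must be > 0", so a caller reading the error would conclude that 0 is rejected when it is not; only the Left message ("must be >= 0") matches. Separately, Validate only rejects negative coordinates; a box with all four values non-negative but `Right < Left` or `Bottom < Top` still passes, and whether such an inverted box can reach the same drawing loop the CVE fix targets cannot be told from this hunk (if Box's width/height helpers take an absolute value, inverted boxes may be tolerated elsewhere — worth confirming before tightening). The rewrite below fixes the messages, collapses the chain into one `switch`, and adds the two ordering checks as a hedged extension, with a doc comment `// Validate reports an error for a box with negative or inverted edges.`.
```go
// Validate reports an error for a box with negative or inverted edges.
func (b Box) Validate() error {
	switch {
	case b.Left < 0:
		return fmt.Errorf("invalid left; must be >= 0")
	case b.Right < 0:
		return fmt.Errorf("invalid right; must be >= 0")
	case b.Top < 0:
		return fmt.Errorf("invalid top; must be >= 0")
	case b.Bottom < 0:
		return fmt.Errorf("invalid bottom; must be >= 0")
	// NOTE(review): confirm no caller relies on inverted boxes before keeping these two.
	case b.Right < b.Left:
		return fmt.Errorf("invalid box; right (%v) is less than left (%v)", b.Right, b.Left)
	case b.Bottom < b.Top:
		return fmt.Errorf("invalid box; bottom (%v) is less than top (%v)", b.Bottom, b.Top)
	}
	return nil
}
```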
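Review bot: Test_Chart_cve only asserts that Render returns some non-nil error, so any unrelated failure (a font or renderer error, for example) would also make it pass and the regression guard would not actually prove the canvas-box rejection fired; tighten it to check the message, e.g. `if err == nil || !strings.Contains(err.Error(), "invalid canvas box") { t.Fatalf("expected invalid canvas box error, got %v", err) }`. The same fix also adds a Validate call on the IsHorizontal branch of StackedBarChart.Render, but this test only exercises the vertical path; a second case that sets `poc.IsHorizontal = true` and renders again would cover it. A short comment naming the CVE above the function, `// Test_Chart_cve guards the CVE-2024-40060 regression: an over-long bar name must produce an error, not an infinite loop.`, would also tell the next maintainer why the 113-character Name is there, since the test name alone does not.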
@@ -118,12 +118,18 @@ func (sbc StackedBarChart) Render(rp RendererProvider, w io.Writer) error {
 	var canvasBox Box
 	if sbc.IsHorizontal {
 		canvasBox = sbc.getHorizontalAdjustedCanvasBox(r, sbc.getDefaultCanvasBox())
+		if err := canvasBox.Validate(); err != nil {
+			return fmt.Errorf("invalid canvas box: %w", err)
+		}
 		sbc.drawCanvas(r, canvasBox)
 		sbc.drawHorizontalBars(r, canvasBox)
 		sbc.drawHorizontalXAxis(r, canvasBox)
 		sbc.drawHorizontalYAxis(r, canvasBox)
 	} else {
 		canvasBox = sbc.getAdjustedCanvasBox(r, sbc.getDefaultCanvasBox())
+		if err := canvasBox.Validate(); err != nil {
+			return fmt.Errorf("invalid canvas box: %w", err)
+		}
 		sbc.drawCanvas(r, canvasBox)
 		sbc.drawBars(r, canvasBox)
 		sbc.drawXAxis(r, canvasBox)
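Review bot: The identical three-line Validate block is now duplicated in both arms of the `if sbc.IsHorizontal` branch, and `sbc.drawCanvas(r, canvasBox)` is the same first call in both arms as well; computing the box in the branch, validating once, and drawing once reads more clearly and guarantees a future third path cannot forget the check. Render starts before this hunk and continues after it, so I cannot see whether anything has already been emitted to `r` or `w` before the early return, and the commit subject calls this a narrow fix — if the other chart types compute their canvas box through a similar adjusted-box path, they presumably need the same guard, which this hunk does not cover. Suggested shape for the visible part:
```go
	var canvasBox Box
	if sbc.IsHorizontal {
		canvasBox = sbc.getHorizontalAdjustedCanvasBox(r, sbc.getDefaultCanvasBox())
	} else {
		canvasBox = sbc.getAdjustedCanvasBox(r, sbc.getDefaultCanvasBox())
	}
	// Reject a negative box before any drawing loop runs on it (CVE-2024-40060).
	if err := canvasBox.Validate(); err != nil {
		return fmt.Errorf("invalid canvas box: %w", err)
	}
	sbc.drawCanvas(r, canvasBox)
	if sbc.IsHorizontal {
		// … unchanged: horizontal bars and axes …
	} else {
		// … unchanged: vertical bars and axes …
	}
```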