narrow fix for CVE-2024-40060
This commit is contained in:
Will Charczuk
parent
a334e8e43a
commit
218e744a87
3 changed files with 41 additions and 0 deletions
16
box.go
16
box.go
|
|
@ -254,6 +254,22 @@ func (b Box) OuterConstrain(bounds, other Box) Box {
|
|||
return newBox
|
||||
}
|
||||
|
||||
func (b Box) Validate() error {
|
||||
if b.Left < 0 {
|
||||
return fmt.Errorf("invalid left; must be >= 0")
|
||||
}
|
||||
if b.Right < 0 {
|
||||
return fmt.Errorf("invalid right; must be > 0")
|
||||
}
|
||||
if b.Top < 0 {
|
||||
return fmt.Errorf("invalid top; must be > 0")
|
||||
}
|
||||
if b.Bottom < 0 {
|
||||
return fmt.Errorf("invalid bottom; must be > 0")
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// BoxCorners is a box with independent corners.
|
||||
type BoxCorners struct {
|
||||
TopLeft, TopRight, BottomRight, BottomLeft Point
|
||||
|
|
|
|||
|
|
@ -573,3 +573,22 @@ func TestChartE2ELineWithFill(t *testing.T) {
|
|||
testutil.AssertEqual(t, defaultSeriesColor, at(i, 0, 49))
|
||||
testutil.AssertEqual(t, defaultSeriesColor, at(i, 49, 0))
|
||||
}
|
||||
|
||||
func Test_Chart_cve(t *testing.T) {
|
||||
poc := StackedBarChart{
|
||||
Title: "poc",
|
||||
Bars: []StackedBar{
|
||||
{
|
||||
Name: "11111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111",
|
||||
Values: []Value{
|
||||
{Value: 1, Label: "infinite"},
|
||||
{Value: 1, Label: "loop"},
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
var imgContent bytes.Buffer
|
||||
err := poc.Render(PNG, &imgContent)
|
||||
testutil.AssertNotNil(t, err)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -118,12 +118,18 @@ func (sbc StackedBarChart) Render(rp RendererProvider, w io.Writer) error {
|
|||
var canvasBox Box
|
||||
if sbc.IsHorizontal {
|
||||
canvasBox = sbc.getHorizontalAdjustedCanvasBox(r, sbc.getDefaultCanvasBox())
|
||||
if err := canvasBox.Validate(); err != nil {
|
||||
return fmt.Errorf("invalid canvas box: %w", err)
|
||||
}
|
||||
sbc.drawCanvas(r, canvasBox)
|
||||
sbc.drawHorizontalBars(r, canvasBox)
|
||||
sbc.drawHorizontalXAxis(r, canvasBox)
|
||||
sbc.drawHorizontalYAxis(r, canvasBox)
|
||||
} else {
|
||||
canvasBox = sbc.getAdjustedCanvasBox(r, sbc.getDefaultCanvasBox())
|
||||
if err := canvasBox.Validate(); err != nil {
|
||||
return fmt.Errorf("invalid canvas box: %w", err)
|
||||
}
|
||||
sbc.drawCanvas(r, canvasBox)
|
||||
sbc.drawBars(r, canvasBox)
|
||||
sbc.drawXAxis(r, canvasBox)
|
||||
|
|
|
|||
Loading…
Reference in a new issue