From 7edbd930d5fa872879a4ed88fdbf04c4df0dd15c Mon Sep 17 00:00:00 2001 From: Aliaksandr Valialkin Date: Wed, 8 Jan 2020 20:46:41 +0200 Subject: [PATCH] vendor: update github.com/valyala/fastjson from v1.4.1 to v1.4.2 This fixes parsing of `inf` and `nan` values in json lines passed to `/api/v1/import` --- go.mod | 2 +- go.sum | 4 ++-- vendor/github.com/valyala/fastjson/README.md | 15 +++++++++++++ .../valyala/fastjson/fastfloat/parse.go | 13 +++++++++++ vendor/github.com/valyala/fastjson/fuzz.go | 22 +++++++++++++++++++ vendor/github.com/valyala/fastjson/handy.go | 2 +- vendor/github.com/valyala/fastjson/parser.go | 5 +++-- vendor/modules.txt | 2 +- 8 files changed, 58 insertions(+), 7 deletions(-) create mode 100644 vendor/github.com/valyala/fastjson/fuzz.go diff --git a/go.mod b/go.mod index 9fefc60b4..9c8193a49 100644 --- a/go.mod +++ b/go.mod @@ -12,7 +12,7 @@ require ( github.com/jstemmer/go-junit-report v0.9.1 // indirect github.com/klauspost/compress v1.9.4 github.com/lithammer/go-jump-consistent-hash v1.0.1 - github.com/valyala/fastjson v1.4.1 + github.com/valyala/fastjson v1.4.2 github.com/valyala/fastrand v1.0.0 github.com/valyala/gozstd v1.6.4 github.com/valyala/histogram v1.0.1 diff --git a/go.sum b/go.sum index 9a5c2a9d0..ef107cadc 100644 --- a/go.sum +++ b/go.sum @@ -99,8 +99,8 @@ github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81P github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw= github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc= github.com/valyala/fasthttp v1.2.0/go.mod h1:4vX61m6KN+xDduDNwXrhIAVZaZaZiQ1luJk8LWSxF3s= -github.com/valyala/fastjson v1.4.1 h1:hrltpHpIpkaxll8QltMU8c3QZ5+qIiCL8yKqPFJI/yE= -github.com/valyala/fastjson v1.4.1/go.mod h1:nV6MsjxL2IMJQUoHDIrjEI7oLyeqK6aBD7EFWPsvP8o= +github.com/valyala/fastjson v1.4.2 h1:vJXOwCenHuSyEfxWBUtzZl9LqyfgN2YkaNQBPHHEYbk= +github.com/valyala/fastjson v1.4.2/go.mod h1:nV6MsjxL2IMJQUoHDIrjEI7oLyeqK6aBD7EFWPsvP8o= github.com/valyala/fastrand v1.0.0 h1:LUKT9aKer2dVQNUi3waewTbKV+7H17kvWFNKs2ObdkI= github.com/valyala/fastrand v1.0.0/go.mod h1:HWqCzkrkg6QXT8V2EXWvXCoow7vLwOFN002oeRzjapQ= github.com/valyala/gozstd v1.6.4 h1:nFLddjEf90SFl5cVWyElSHozQDsbvLljPK703/skBS0= diff --git a/vendor/github.com/valyala/fastjson/README.md b/vendor/github.com/valyala/fastjson/README.md index c04913a17..f32c69393 100644 --- a/vendor/github.com/valyala/fastjson/README.md +++ b/vendor/github.com/valyala/fastjson/README.md @@ -102,6 +102,21 @@ See also [examples](https://godoc.org/github.com/valyala/fastjson#pkg-examples). * Prefer iterating over array returned from [Value.GetArray](https://godoc.org/github.com/valyala/fastjson#Object.Visit) with a range loop instead of calling `Value.Get*` for each array item. +## Fuzzing +Install [go-fuzz](https://github.com/dvyukov/go-fuzz) & optionally the go-fuzz-corpus. + +```bash +go get -u github.com/dvyukov/go-fuzz/go-fuzz github.com/dvyukov/go-fuzz/go-fuzz-build +``` + +Build using `go-fuzz-build` and run `go-fuzz` with an optional corpus. + +```bash +mkdir -p workdir/corpus +cp $GOPATH/src/github.com/dvyukov/go-fuzz-corpus/json/corpus/* workdir/corpus +go-fuzz-build github.com/valyala/fastjson +go-fuzz -bin=fastjson-fuzz.zip -workdir=workdir +``` ## Benchmarks diff --git a/vendor/github.com/valyala/fastjson/fastfloat/parse.go b/vendor/github.com/valyala/fastjson/fastfloat/parse.go index 76a37a2f5..bc264bda9 100644 --- a/vendor/github.com/valyala/fastjson/fastfloat/parse.go +++ b/vendor/github.com/valyala/fastjson/fastfloat/parse.go @@ -2,6 +2,7 @@ package fastfloat import ( "math" + "strings" "strconv" ) @@ -132,6 +133,15 @@ func ParseBestEffort(s string) float64 { break } if i <= j { + if strings.EqualFold(s[i:], "inf") { + if minus { + return -inf + } + return inf + } + if strings.EqualFold(s[i:], "nan") { + return nan + } return 0 } f := float64(d) @@ -229,3 +239,6 @@ func ParseBestEffort(s string) float64 { } return 0 } + +var inf = math.Inf(1) +var nan = math.NaN() diff --git a/vendor/github.com/valyala/fastjson/fuzz.go b/vendor/github.com/valyala/fastjson/fuzz.go new file mode 100644 index 000000000..9130797c7 --- /dev/null +++ b/vendor/github.com/valyala/fastjson/fuzz.go @@ -0,0 +1,22 @@ +// +build gofuzz + +package fastjson + +func Fuzz(data []byte) int { + err := ValidateBytes(data) + if err != nil { + return 0 + } + + v := MustParseBytes(data) + + dst := make([]byte, 0) + dst = v.MarshalTo(dst) + + err = ValidateBytes(dst) + if err != nil { + panic(err) + } + + return 1 +} diff --git a/vendor/github.com/valyala/fastjson/handy.go b/vendor/github.com/valyala/fastjson/handy.go index e3380ce25..a5d5618f0 100644 --- a/vendor/github.com/valyala/fastjson/handy.go +++ b/vendor/github.com/valyala/fastjson/handy.go @@ -159,7 +159,7 @@ func ParseBytes(b []byte) (*Value, error) { // MustParseBytes parses b containing json. // -// The function banics if b cannot be parsed. +// The function panics if b cannot be parsed. // The function is slower than the Parser.ParseBytes for re-used Parser. func MustParseBytes(b []byte) *Value { v, err := ParseBytes(b) diff --git a/vendor/github.com/valyala/fastjson/parser.go b/vendor/github.com/valyala/fastjson/parser.go index 2c1e9f994..478a866c0 100644 --- a/vendor/github.com/valyala/fastjson/parser.go +++ b/vendor/github.com/valyala/fastjson/parser.go @@ -484,8 +484,9 @@ func (o *Object) unescapeKeys() { if o.keysUnescaped { return } - for i := range o.kvs { - kv := &o.kvs[i] + kvs := o.kvs + for i := range kvs { + kv := &kvs[i] kv.k = unescapeStringBestEffort(kv.k) } o.keysUnescaped = true diff --git a/vendor/modules.txt b/vendor/modules.txt index d0d093c8e..a9a4fdd68 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -92,7 +92,7 @@ github.com/klauspost/compress/zstd/internal/xxhash github.com/lithammer/go-jump-consistent-hash # github.com/valyala/bytebufferpool v1.0.0 github.com/valyala/bytebufferpool -# github.com/valyala/fastjson v1.4.1 +# github.com/valyala/fastjson v1.4.2 github.com/valyala/fastjson github.com/valyala/fastjson/fastfloat # github.com/valyala/fastrand v1.0.0