)]}' { "commit": "92041b743c966065641d7221da5403ad9a019bce", "tree": "1b72f962c0ce66cab0d1cbe51d1d7e96847f49a5", "parents": [ "545e8a4df9364095d66e521b8f515f7af961e653" ], "author": { "name": "evilgensec", "email": "evil.gen.sec@gmail.com", "time": "Thu May 07 07:22:55 2026 +0545" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu May 07 01:37:55 2026 +0000" }, "message": "internal/driver: guard BuildID slice in locateBinaries against short values (#998)\n\nThe LLVM debug-file lookup sliced m.BuildID[:2] and m.BuildID[2:] to\nconstruct a filesystem path of the form \u003cpath\u003e/\u003cfirst2\u003e/\u003crest\u003e.debug.\nThe existing guard only checked m.BuildID !\u003d \"\", so a BuildID with\nfewer than two characters (e.g. a single byte) caused a panic:\n runtime error: slice bounds out of range [:2] with length 1\n\nThe profile.proto format imposes no minimum length on BuildID, and the\nprofile.CheckValid() function does not validate it either. A crafted\nprofile with a one-character BuildID therefore reliably crashes any\nprocess that calls locateBinaries, including tools or servers that\naccept and analyze user-supplied profiles.\n\nFix: wrap the LLVM path construction in a len(m.BuildID) \u003e\u003d 2 guard,\nmatching the documented precondition of the LLVM build-id protocol\n(\u0027the first two characters are used as directory\u0027).\n\nAdd a test case with BuildID\u003d\"X\" to TestSymbolizationPath to prevent\nregression.", "tree_diff": [ { "type": "modify", "old_id": "6d967a2037be10ce50685ad7586c773cace1a5ff", "old_mode": 33188, "old_path": "internal/driver/fetch.go", "new_id": "0809cd0814386e004ee3fbb24516ca37635b30f6", "new_mode": 33188, "new_path": "internal/driver/fetch.go" }, { "type": "modify", "old_id": "3dcd7bbd0cc7d384ad5229b7ef9ed88c33b8bb6c", "old_mode": 33188, "old_path": "internal/driver/fetch_test.go", "new_id": "36ec2f28a2c49763a38c1dce0fa5bb7a0b035c7f", "new_mode": 33188, "new_path": "internal/driver/fetch_test.go" } ] }