ugorji

Member Since 10 years ago

175 contributions in the last year

Pinned
⚡ idiomatic codec and rpc lib for msgpack, cbor, json, etc. msgpack.org[Go]
⚡ backup and archive text, pictures and other multimedia messages and call logs
⚡ Forum Web Application with feature set superior to phpBB
⚡ java toolkit based on command-pattern for scripting arbitrary product environments
⚡ NoSQL schema-less database server for structured entities with strong consistency
⚡ fast and flexible static site generator or dynamic file server
Activity
Nov 6 (3 weeks ago)

ugorji issue ugorji/go

ambiguous import: found github.com/ugorji/go/codec in multiple modules

```
git.code.oa.com/PostgreSQL/shark/src/shark/controller/account
	tested by git.code.oa.com/PostgreSQL/shark/src/shark/controller/account.test
	imports git.code.oa.com/cdb_common/mockdb
	imports github.com/pingcap/tidb/tidb-server
	imports github.com/pingcap/pd/client
	tested by github.com/pingcap/pd/client.test
	imports github.com/pingcap/pd/server
	imports github.com/pingcap/pd/pkg/etcdutil
	imports go.etcd.io/etcd/etcdserver
	imports go.etcd.io/etcd/etcdserver/api/v2discovery
	imports go.etcd.io/etcd/client
	imports github.com/ugorji/go/codec: ambiguous import: found github.com/ugorji/go/codec in multiple modules:
	github.com/ugorji/go v1.1.4 (/home/go/pkg/mod/github.com/ugorji/go@v1.1.4/codec)
	github.com/ugorji/go/codec v0.0.0-20190204201341-e444a5086c43 (/home/go/pkg/mod/github.com/ugorji/go/codec@v0.0.0-20190204201341-e444a5086c43)
```

ugorji issue comment ugorji/go

ambiguous import: found github.com/ugorji/go/codec in multiple modules

Please see https://github.com/ugorji/go/blob/master/FAQ.md#resolving-module-issues

The owner of the package should update to a version of github.com/ugorji/go/codec above v1.1.5, which was released around July 2019. The latest release is the latest and greatest.

ugorji push ugorji/go

codec: prevent OOM in usableByteSlice by capping allocated bytes to 64MB

Handle all callers to use append if more bytes are needed to be decoded. This way, we will get a natural error on decoding if one exists, and not an OOM panic

Fixes #363

commit sha: 261da31cc41451e18d0efcc8ac469d27ca5dcc64

push time: 3 weeks ago

ugorji issue ugorji/go

Out of memory on decoding of CBOR

Check glumia/ugorji-go-security-issue and https://github.com/fxamacker/cbor/issues/247#issuecomment-920879714.

One particular thing I noted while testing it is that the issue occurs only if the destination of decode is a []byte.

If you try to debug the execution with delve you can notice that the failure is caused by the attempt of the program to allocate a huge amount of memory at line 607 of codec/cbor.go (~53 TB on the first test and ~142 TB on the second one).
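
The mitigation named in the commit message above (cap the up-front allocation, then grow with append so that short input fails with an ordinary decode error) can be sketched as follows. This is an added example, not the codec package's own code: `readDeclared`, `decodeByteString`, the 32 KB chunk size and the sample bytes are assumptions made for illustration, and only the CBOR byte-string header with an 8-byte length (0x5b) is handled.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
)

const maxPrealloc = 64 << 20 // 64MB, the cap named in the commit message

// readDeclared reads `declared` bytes from r. At most maxPrealloc is reserved up
// front; past that the buffer grows via append only as real input arrives.
func readDeclared(r io.Reader, declared uint64) ([]byte, error) {
	first := declared
	if first > maxPrealloc {
		first = maxPrealloc
	}
	out := make([]byte, 0, first)
	chunk := make([]byte, 32<<10)
	for remaining := declared; remaining > 0; {
		want := uint64(len(chunk))
		if remaining < want {
			want = remaining
		}
		n, err := io.ReadFull(r, chunk[:want])
		out = append(out, chunk[:n]...)
		remaining -= uint64(n)
		if err != nil {
			return nil, fmt.Errorf("declared %d bytes, got %d: %w", declared, len(out), err)
		}
	}
	return out, nil
}

// decodeByteString handles one case: major type 2 with an 8-byte length (0x5b).
func decodeByteString(data []byte) ([]byte, error) {
	if len(data) < 9 || data[0] != 0x5b {
		return nil, errors.New("not a CBOR byte string with 8-byte length")
	}
	return readDeclared(bytes.NewReader(data[9:]), binary.BigEndian.Uint64(data[1:9]))
}

func main() {
	// Constructed input: header declares 48 TiB, only 3 payload bytes follow.
	_, err := decodeByteString(append([]byte{0x5b, 0, 0, 0x30, 0, 0, 0, 0, 0}, 1, 2, 3))
	fmt.Println(err)
}
```
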

ugorji push ugorji/go

Fix the noFrac code to handle 0. (#365)

In f4b40f6 code was added to allow reading a (non-fraction-containing) float64 into a uint64 struct. This code depends on a new function noFrac64 to decide if the cast is legal. (There is also a noFrac32.) However, noFrac64 and noFrac32 do not return the correct result when the input is 0.0. In that case, subtracting the bias yields a negative number (which is then interpreted as a very large positive number).

I don't know if there's a way to fix this without adding a new comparison function (like replacing the subtraction of the bias with a bitwise operation of some sort or another), but this fix is simple enough. I didn't see any tests for this code so I didn't add a test for it.

Fixes #364

commit sha: 39e0285e2502036057b89eb33b2df2a0c5f4caae

push time: 3 weeks ago

ugorji issue ugorji/go

noFrac64 and noFrac32 are incorrect for 0.

In f4b40f6a096194 code was added to allow reading a (non-fraction-containing) float64 into a uint64 struct. This code depends on a new function noFrac64 to decide if the cast is legal. (There is also a noFrac32.) However, noFrac64 and noFrac32 do not return the correct result when the input is 0.0. In that case, subtracting the bias yields a negative number (which is then interpreted as a very large positive number).

The end result is that, in decoding, you can see a lot of errors like this:

`assigning integer value from float64 with a fraction: 0`

It should resolve this bug to just add `if fbits == 0 { return true }` to the beginning of noFrac32 and noFrac64.

ugorji pull request ugorji/go

Fix the noFrac code to handle `0`.

Fixes #364