narrow fix for CVE-2024-40060

wcharczuk · Aug 23, 2024 · 218e744 · 218e744
1 parent a334e8e
commit 218e744
Show file tree

Hide file tree

Showing 3 changed files with 41 additions and 0 deletions.
diff --git a/box.go b/box.go
@@ -254,6 +254,22 @@ func (b Box) OuterConstrain(bounds, other Box) Box {
 	return newBox
 }
 
+func (b Box) Validate() error {
+	if b.Left < 0 {
+		return fmt.Errorf("invalid left; must be >= 0")
+	}
+	if b.Right < 0 {
+		return fmt.Errorf("invalid right; must be > 0")
+	}
+	if b.Top < 0 {
+		return fmt.Errorf("invalid top; must be > 0")
+	}
+	if b.Bottom < 0 {
+		return fmt.Errorf("invalid bottom; must be > 0")
+	}
+	return nil
+}
+
 // BoxCorners is a box with independent corners.
 type BoxCorners struct {
 	TopLeft, TopRight, BottomRight, BottomLeft Point

diff --git a/chart_test.go b/chart_test.go
@@ -573,3 +573,22 @@ func TestChartE2ELineWithFill(t *testing.T) {
 	testutil.AssertEqual(t, defaultSeriesColor, at(i, 0, 49))
 	testutil.AssertEqual(t, defaultSeriesColor, at(i, 49, 0))
 }
+
+func Test_Chart_cve(t *testing.T) {
+	poc := StackedBarChart{
+		Title: "poc",
+		Bars: []StackedBar{
+			{
+				Name: "11111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111",
+				Values: []Value{
+					{Value: 1, Label: "infinite"},
+					{Value: 1, Label: "loop"},
+				},
+			},
+		},
+	}
+
+	var imgContent bytes.Buffer
+	err := poc.Render(PNG, &imgContent)
+	testutil.AssertNotNil(t, err)
+}
diff --git a/stacked_bar_chart.go b/stacked_bar_chart.go
@@ -118,12 +118,18 @@ func (sbc StackedBarChart) Render(rp RendererProvider, w io.Writer) error {
 	var canvasBox Box
 	if sbc.IsHorizontal {
 		canvasBox = sbc.getHorizontalAdjustedCanvasBox(r, sbc.getDefaultCanvasBox())
+		if err := canvasBox.Validate(); err != nil {
+			return fmt.Errorf("invalid canvas box: %w", err)
+		}
 		sbc.drawCanvas(r, canvasBox)
 		sbc.drawHorizontalBars(r, canvasBox)
 		sbc.drawHorizontalXAxis(r, canvasBox)
 		sbc.drawHorizontalYAxis(r, canvasBox)
 	} else {
 		canvasBox = sbc.getAdjustedCanvasBox(r, sbc.getDefaultCanvasBox())
+		if err := canvasBox.Validate(); err != nil {
+			return fmt.Errorf("invalid canvas box: %w", err)
+		}
 		sbc.drawCanvas(r, canvasBox)
 		sbc.drawBars(r, canvasBox)
 		sbc.drawXAxis(r, canvasBox)