Fix invalid type assertion in LoadBytes (#733 )

Fixes #732
README: don't mention document editing in v2
2022-01-05 09:17:32 -05:00 · 2021-12-31 13:31:17 -05:00 · 2021-10-17 20:56:41 -04:00 · 2021-09-27 19:11:21 -04:00 · 2021-09-05 21:38:35 -04:00
8 changed files with 88 additions and 35 deletions
@@ -25,9 +25,9 @@ and [much faster][v2-bench]. If you only need reading and writing TOML documents
 (majority of cases), those features are implemented and the API unlikely to
 change.

-The remaining features (Document structure editing and tooling) will be added
-shortly. While pull-requests are welcome on v1, no active development is
-expected on it. When v2.0.0 is released, v1 will be deprecated.
+The remaining features will be added shortly. While pull-requests are welcome on
+v1, no active development is expected on it. When v2.0.0 is released, v1 will be
+deprecated.

 👉 [go-toml v2][v2]

@@ -0,0 +1,19 @@
+# Security Policy
+
+## Supported Versions
+
+Use this section to tell people about which versions of your project are
+currently being supported with security updates.
+
+| Version    | Supported          |
+| ---------- | ------------------ |
+| Latest 2.x | :white_check_mark: |
+| All 1.x    | :x:                |
+| All 0.x    | :x:                |
+
+## Reporting a Vulnerability
+
+Email a vulnerability report to `security@pelletier.codes`. Make sure to include
+as many details as possible to reproduce the vulnerability. This is a
+side-project: I will try to get back to you as quickly as possible, time
+permitting in my personal life. Providing a working patch helps very much!
@@ -6,6 +6,7 @@
 package main

 import (
+	"bytes"
 	"flag"
 	"fmt"
 	"io"
@@ -16,6 +17,7 @@ import (
 )

 func main() {
+	multiLineArray := flag.Bool("multiLineArray", false, "sets up the linter to encode arrays with more than one element on multiple lines instead of one.")
 	flag.Usage = func() {
 		fmt.Fprintln(os.Stderr, "tomll can be used in two ways:")
 		fmt.Fprintln(os.Stderr, "Writing to STDIN and reading from STDOUT:")
@@ -25,11 +27,16 @@ func main() {
 		fmt.Fprintln(os.Stderr, "  tomll a.toml b.toml c.toml")
 		fmt.Fprintln(os.Stderr, "")
 		fmt.Fprintln(os.Stderr, "When given a list of files, tomll will modify all files in place without asking.")
+		fmt.Fprintln(os.Stderr, "When given a list of files, tomll will modify all files in place without asking.")
+		fmt.Fprintln(os.Stderr, "")
+		fmt.Fprintln(os.Stderr, "Flags:")
+		fmt.Fprintln(os.Stderr, "-multiLineArray      sets up the linter to encode arrays with more than one element on multiple lines instead of one.")
 	}
 	flag.Parse()
+
 	// read from stdin and print to stdout
 	if flag.NArg() == 0 {
-		s, err := lintReader(os.Stdin)
+		s, err := lintReader(os.Stdin, *multiLineArray)
 		if err != nil {
 			io.WriteString(os.Stderr, err.Error())
 			os.Exit(-1)
@@ -38,7 +45,7 @@ func main() {
 	} else {
 		// otherwise modify a list of files
 		for _, filename := range flag.Args() {
-			s, err := lintFile(filename)
+			s, err := lintFile(filename, *multiLineArray)
 			if err != nil {
 				io.WriteString(os.Stderr, err.Error())
 				os.Exit(-1)
@@ -48,18 +55,29 @@ func main() {
 	}
 }

-func lintFile(filename string) (string, error) {
+func lintFile(filename string, multiLineArray bool) (string, error) {
 	tree, err := toml.LoadFile(filename)
 	if err != nil {
 		return "", err
 	}
-	return tree.String(), nil
+
+	buf := new(bytes.Buffer)
+	if err := toml.NewEncoder(buf).ArraysWithOneElementPerLine(multiLineArray).Encode(tree); err != nil {
+		panic(err)
+	}
+
+	return buf.String(), nil
 }

-func lintReader(r io.Reader) (string, error) {
+func lintReader(r io.Reader, multiLineArray bool) (string, error) {
 	tree, err := toml.LoadReader(r)
 	if err != nil {
 		return "", err
 	}
-	return tree.String(), nil
+
+	buf := new(bytes.Buffer)
+	if err := toml.NewEncoder(buf).ArraysWithOneElementPerLine(multiLineArray).Encode(tree); err != nil {
+		panic(err)
+	}
+	return buf.String(), nil
 }
@@ -1113,7 +1113,7 @@ func (d *Decoder) valueFromToml(mtype reflect.Type, tval interface{}, mval1 *ref
 				return reflect.ValueOf(nil), fmt.Errorf("Can't convert %v(%T) to %v", tval, tval, mtype.String())
 			}

-			if val.Convert(reflect.TypeOf(int(1))).Int() < 0 {
+			if val.Type().Kind() != reflect.Uint64 && val.Convert(reflect.TypeOf(int(1))).Int() < 0 {
 				return reflect.ValueOf(nil), fmt.Errorf("%v(%T) is negative so does not fit in %v", tval, tval, mtype.String())
 			}
 			if reflect.Indirect(reflect.New(mtype)).OverflowUint(val.Convert(reflect.TypeOf(uint64(0))).Uint()) {
@@ -4119,3 +4119,13 @@ ErrorField = "foo"
 		t.Fatalf("error was expected")
 	}
 }
+
+func TestGithubIssue732(t *testing.T) {
+	var v interface{}
+	data := []byte("a=\nb=0")
+
+	err := Unmarshal(data, &v)
+	if err == nil {
+		t.Fatalf("error was expected")
+	}
+}
@@ -293,42 +293,41 @@ func (p *tomlParser) parseRvalue() interface{} {
 		return math.NaN()
 	case tokenInteger:
 		cleanedVal := cleanupNumberToken(tok.val)
-		var err error
-		var val int64
+		base := 10
+		s := cleanedVal
+		checkInvalidUnderscore := numberContainsInvalidUnderscore
 		if len(cleanedVal) >= 3 && cleanedVal[0] == '0' {
 			switch cleanedVal[1] {
 			case 'x':
-				err = hexNumberContainsInvalidUnderscore(tok.val)
-				if err != nil {
-					p.raiseError(tok, "%s", err)
-				}
-				val, err = strconv.ParseInt(cleanedVal[2:], 16, 64)
+				checkInvalidUnderscore = hexNumberContainsInvalidUnderscore
+				base = 16
 			case 'o':
-				err = numberContainsInvalidUnderscore(tok.val)
-				if err != nil {
-					p.raiseError(tok, "%s", err)
-				}
-				val, err = strconv.ParseInt(cleanedVal[2:], 8, 64)
+				base = 8
 			case 'b':
-				err = numberContainsInvalidUnderscore(tok.val)
-				if err != nil {
-					p.raiseError(tok, "%s", err)
-				}
-				val, err = strconv.ParseInt(cleanedVal[2:], 2, 64)
+				base = 2
 			default:
 				panic("invalid base") // the lexer should catch this first
 			}
-		} else {
-			err = numberContainsInvalidUnderscore(tok.val)
-			if err != nil {
-				p.raiseError(tok, "%s", err)
-			}
-			val, err = strconv.ParseInt(cleanedVal, 10, 64)
-		}
+			s = cleanedVal[2:]
+		}
+
+		err := checkInvalidUnderscore(tok.val)
 		if err != nil {
 			p.raiseError(tok, "%s", err)
 		}
+
+		var val interface{}
+		val, err = strconv.ParseInt(s, base, 64)
+		if err == nil {
 			return val
+		}
+
+		if s[0] != '-' {
+			if val, err = strconv.ParseUint(s, base, 64); err == nil {
+				return val
+			}
+		}
+		p.raiseError(tok, "%s", err)
 	case tokenFloat:
 		err := numberContainsInvalidUnderscore(tok.val)
 		if err != nil {
@@ -1162,3 +1162,10 @@ str3 = """\
 		t.Errorf("expected '%s', got '%s'", expected, got)
 	}
 }
+
+func TestUint(t *testing.T) {
+	tree, err := Load("hello = 18446744073709551615")
+	assertTree(t, tree, err, map[string]interface{}{
+		"hello": uint64(math.MaxUint64),
+	})
+}
@@ -471,7 +471,7 @@ func LoadBytes(b []byte) (tree *Tree, err error) {
 			if _, ok := r.(runtime.Error); ok {
 				panic(r)
 			}
-			err = errors.New(r.(string))
+			err = fmt.Errorf("%s", r)
 		}
 	}()
Author	SHA1	Message	Date
Cameron Moore	fed1464066	Fix invalid type assertion in LoadBytes (#733 ) Fixes #732	2022-01-05 09:17:32 -05:00
Thomas Pelletier	1baee4630f	README: don't mention document editing in v2	2021-12-31 13:31:17 -05:00
Thomas Pelletier	352072d51a	Create SECURITY.md	2021-10-17 20:56:41 -04:00
Wendell Sun	c42c3365f3	Support unmarshaling up to uint64 (#608 )	2021-09-27 19:11:21 -04:00
Bruno FERNANDO	b8ba995eaa	tomll: add multiLineArray flag to linter (#578 )	2021-09-05 21:38:35 -04:00