mirror of
https://github.com/prometheus/prometheus.git
synced 2026-04-07 10:15:49 -04:00
Two cases in compactBuckets caused a panic when fed malformed histogram data (e.g. via a crafted protobuf message):

1. All spans have zero length: after the zero-length span removal pass, spans becomes empty. The subsequent loop called emptyBucketsHere(), which accessed spans[0] and panicked with index out of range. Fixed by the early return added in the previous commit (already on this branch via the roidelapluie/histogram-compact-zero-spans fix).

2. More buckets than spans describe: iSpan can reach len(spans) before all buckets are consumed, causing emptyBucketsHere() to access spans[iSpan] out of bounds. Fixed by adding iSpan < len(spans) to the loop guard.

Both fixes in compactBuckets are defensive layers. The primary fix is in the protobuf parser: checkNativeHistogramConsistency now validates that span total length matches bucket count before calling Compact(), returning a proper error for malformed input instead of panicking.

Found by FuzzParseProtobuf.

Signed-off-by: Julien Pivotto <291750+roidelapluie@users.noreply.github.com>

| File |
|---|
| convert.go |
| convert_test.go |
| float_histogram.go |
| float_histogram_test.go |
| generic.go |
| generic_test.go |
| histogram.go |
| histogram_test.go |
| test_utils.go |