Skip to content

fix: prevent slice bounds panic in Row.matchAll#69

Open
Yanhu007 wants to merge 1 commit into
gobwas:masterfrom
Yanhu007:fix/row-matchall-bounds-panic
Open

fix: prevent slice bounds panic in Row.matchAll#69
Yanhu007 wants to merge 1 commit into
gobwas:masterfrom
Yanhu007:fix/row-matchall-bounds-panic

Conversation

@Yanhu007
Copy link
Copy Markdown

@Yanhu007 Yanhu007 commented Apr 15, 2026

Fixes #59

Problem

Row.matchAll panics with slice bounds out of range for certain glob patterns:

gg, _ := glob.Compile("/{a{*.json{", '/')
gg.Match("/a/b/c/d/e/foo.json")  // PANIC: slice bounds out of range

The computed slice end idx + next + 1 can exceed the string length when the pattern produces a Row with RunesLength larger than the actual string being matched.

Fix

Add explicit bounds checks before slicing:

  1. Return false early if fewer runes are available than needed
  2. Return false if the computed end index exceeds string length

All existing tests pass, plus the reproducer from the issue now returns false instead of panicking.

@Yanhu007
fix: prevent slice bounds panic in Row.matchAll
a2956bb 
Row.matchAll could panic with "slice bounds out of range" when
matching against certain malformed glob patterns like "/{a{*.json{".
The computed end index (idx + next + 1) could exceed the string
length.

Add explicit bounds checks: return false early if the string has
fewer runes than needed or if the computed slice end exceeds the
string length.

Fixes gobwas#59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Crash in match.Row.matchAll

1 participant

@Yanhu007