Closed
Description
The following program crashes with panic:
package main
import (
"html/template"
"io/ioutil"
)
func main() {
t, err := template.New("foo").Parse(string(data))
if err != nil {
return
}
t.Execute(ioutil.Discard, nil)
}
var data = "<style>\xbbߤ2Dq\x8e%5\xf1\x945\xf1\x94</style>"panic: runtime error: slice bounds out of range
goroutine 1 [running]:
html/template.(*escaper).escapeText(0xc208010540, 0x2000000000f, 0x0, 0xc208014810, 0x0, 0x0)
src/html/template/escape.go:596 +0xceb
html/template.(*escaper).escape(0xc208010540, 0x0, 0x0, 0x7fe7fb498378, 0xc208014810, 0x700000000000000, 0x0)
src/html/template/escape.go:129 +0x31a
html/template.(*escaper).escapeList(0xc208010540, 0x0, 0x0, 0xc2080147e0, 0x0, 0x0)
src/html/template/escape.go:440 +0x1c9
html/template.(*escaper).escapeListConditionally(0xc208010500, 0x0, 0x0, 0xc2080147e0, 0xc2080419b0, 0x0, 0x0, 0x7fe7fb644000)
src/html/template/escape.go:455 +0x4be
html/template.(*escaper).escapeTemplateBody(0xc208010500, 0x0, 0x0, 0xc208010440, 0x0, 0x0, 0xc20000000000001d)
src/html/template/escape.go:573 +0x1e2
html/template.(*escaper).computeOutCtx(0xc208010500, 0x0, 0x0, 0xc208010440, 0x0, 0x0)
src/html/template/escape.go:534 +0xc9
html/template.(*escaper).escapeTree(0xc208010500, 0x0, 0x0, 0x7fe7fb4983c0, 0xc2080147e0, 0x5ba240, 0x3, 0x0, 0x0, 0x0, ...)
src/html/template/escape.go:527 +0x77f
html/template.escapeTemplate(0xc2080146f0, 0x7fe7fb4983c0, 0xc2080147e0, 0x5ba240, 0x3, 0x0, 0x0)
src/html/template/escape.go:23 +0x334
html/template.(*Template).escape(0xc2080146f0, 0x0, 0x0)
src/html/template/template.go:85 +0x35d
html/template.(*Template).Execute(0xc2080146f0, 0x7fe7fb498350, 0xc20800a4c0, 0x0, 0x0, 0x0, 0x0)
src/html/template/template.go:101 +0x37
main.main()
/tmp/htmltempl.go:13 +0x290
on commit ccc76db