mirror of
https://github.com/prometheus/prometheus
synced 2026-04-20 22:41:05 +08:00
c9dd34ac6b
Two cases in compactBuckets caused a panic when fed malformed histogram data (e.g. via a crafted protobuf message): 1. All spans have zero length: after the zero-length span removal pass, spans becomes empty. The subsequent loop called emptyBucketsHere(), which accessed spans[0] and panicked with index out of range. Fixed by the early return added in the previous commit (already on this branch via the roidelapluie/histogram-compact-zero-spans fix). 2. More buckets than spans describe: iSpan can reach len(spans) before all buckets are consumed, causing emptyBucketsHere() to access spans[iSpan] out of bounds. Fixed by adding iSpan < len(spans) to the loop guard. Both fixes in compactBuckets are defensive layers. The primary fix is in the protobuf parser: checkNativeHistogramConsistency now validates that span total length matches bucket count before calling Compact(), returning a proper error for malformed input instead of panicking. Found by FuzzParseProtobuf. Signed-off-by: Julien Pivotto <291750+roidelapluie@users.noreply.github.com>