From 79511abe6ca7fd4c8b3710a73e2d5738bcdf590a Mon Sep 17 00:00:00 2001
From: Matt Joiner
Date: Fri, 10 Dec 2021 14:29:35 +1100
Subject: [PATCH] bencode: Fix decoding integer with leading +
---
 bencode/decode.go | 16 +++++++++++-----
 ...f7894a9106ad601e23fd484747898394a12bddba90615 | 2 ++
 ...05a5216675a7e1b7b8ef7b4e4d80ec7b7b5dce6dbbb38 | 2 ++
 3 files changed, 15 insertions(+), 5 deletions(-)
 create mode 100644 bencode/testdata/fuzz/FuzzInterfaceRoundTrip/321f4f280d23ac90ccaf7894a9106ad601e23fd484747898394a12bddba90615
 create mode 100644 bencode/testdata/fuzz/FuzzInterfaceRoundTrip/808391fc9a93d89909205a5216675a7e1b7b8ef7b4e4d80ec7b7b5dce6dbbb38
diff --git a/bencode/decode.go b/bencode/decode.go
index 90397854..4552da1c 100644
--- a/bencode/decode.go
+++ b/bencode/decode.go
@@ -105,7 +105,7 @@ func (d *Decoder) throwSyntaxError(offset int64, err error) {
 func (d *Decoder) readInt() error {
 // start := d.Offset - 1
 d.readUntil('e')
- if err := d.bufLeadingZero(); err != nil {
+ if err := d.checkBufferedInt(); err != nil {
 return err
 }
 // if d.buf.Len() == 0 {
@@ -161,10 +161,16 @@ func (d *Decoder) parseInt(v reflect.Value) error {
 return nil
 }
 
-func (d *Decoder) bufLeadingZero() error {
+func (d *Decoder) checkBufferedInt() error {
 b := d.buf.Bytes()
- if len(b) > 1 && b[0] == '0' {
- return fmt.Errorf("non-zero integer has leading zeroes: %q", b)
+ if len(b) <= 1 {
+ return nil
+ }
+ if b[0] == '-' {
+ b = b[1:]
+ }
+ if b[0] < '1' || b[0] > '9' {
+ return errors.New("invalid leading digit")
 }
 return nil
 }
@@ -173,7 +179,7 @@ func (d *Decoder) parseStringLength() (uint64, error) {
 // We should have already consumed the first byte of the length into the Decoder buf.
 start := d.Offset - 1
 d.readUntil(':')
- if err := d.bufLeadingZero(); err != nil {
+ if err := d.checkBufferedInt(); err != nil {
 return 0, err
 }
 length, err := strconv.ParseUint(bytesAsString(d.buf.Bytes()), 10, 32)
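Review bot: In checkBufferedInt (second hunk of bencode/decode.go) the new `errors.New("invalid leading digit")` drops the offending bytes that the removed `%q` message reported, so a rejected `i+0e`, `i-0e` or zero-padded length can no longer be told apart when triaging malformed bencode input. Keeping the buffer costs one line: `return fmt.Errorf("invalid leading digit: %q", d.buf.Bytes())`, using `d.buf.Bytes()` because `b` has already been re-sliced past the sign; the patch touches no import lines, so `fmt` is presumably still in scope. The helper also lacks a doc comment: it should state that only the first digit after an optional `-` is checked, and that buffers of length 0 or 1 and every later byte are left to the caller's strconv parse. Both renamed call sites (readInt in the first hunk, parseStringLength in the third) rely on that, and for string lengths a leading `-` followed by a non-zero digit passes this check and is rejected only by the `strconv.ParseUint` call visible there.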
diff --git a/bencode/testdata/fuzz/FuzzInterfaceRoundTrip/321f4f280d23ac90ccaf7894a9106ad601e23fd484747898394a12bddba90615 b/bencode/testdata/fuzz/FuzzInterfaceRoundTrip/321f4f280d23ac90ccaf7894a9106ad601e23fd484747898394a12bddba90615
new file mode 100644
index 00000000..92d01013
--- /dev/null
+++ b/bencode/testdata/fuzz/FuzzInterfaceRoundTrip/321f4f280d23ac90ccaf7894a9106ad601e23fd484747898394a12bddba90615
@@ -0,0 +1,2 @@
+go test fuzz v1
+[]byte("i+0e")
diff --git a/bencode/testdata/fuzz/FuzzInterfaceRoundTrip/808391fc9a93d89909205a5216675a7e1b7b8ef7b4e4d80ec7b7b5dce6dbbb38 b/bencode/testdata/fuzz/FuzzInterfaceRoundTrip/808391fc9a93d89909205a5216675a7e1b7b8ef7b4e4d80ec7b7b5dce6dbbb38
new file mode 100644
index 00000000..ed2aa468
--- /dev/null
+++ b/bencode/testdata/fuzz/FuzzInterfaceRoundTrip/808391fc9a93d89909205a5216675a7e1b7b8ef7b4e4d80ec7b7b5dce6dbbb38
@@ -0,0 +1,2 @@
+go test fuzz v1
+[]byte("i-0e")
-- 
2.48.1