prometheus/promql at 00a7faa2e3cbef625faff9236cdabd877243f35b - prometheus - gitea@git.xfx1.de

mirrors/prometheus

mirror of https://github.com/prometheus/prometheus.git synced 2026-04-14 02:01:02 +02:00

History

Arve Knudsen 65f8482335 fix(promql): prevent panic in trimStringByBytes on invalid UTF-8

Add bounds check to prevent index out of range panic when
trimStringByBytes receives a string containing only UTF-8 continuation
bytes (0x80-0xBF). Previously, the loop would decrement size below 0
when no valid rune start byte was found, causing a panic.

A malicious query string with only continuation bytes could crash
the Prometheus server via the ActiveQueryTracker before the query
was parsed or validated.

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

2026-01-24 16:06:42 +01:00

..

textparse: Add fuzzing and fix bug caught

2017-07-07 11:12:17 +02:00

Merge pull request #17626 from aviralgarg05/fix-promqltest-counter-reset-hint-comparison

2026-01-22 15:03:20 +01:00

promql: info function: fix unit test for ignoring info metrics themselves (#17911 )

2026-01-22 15:24:41 +01:00

bench_test.go

tests(teststorage): Close Storage in the helper (#17902 )

2026-01-23 08:41:35 +00:00

durations_test.go

Remove copyright date from headers (#17785 )

2026-01-05 13:46:21 +01:00

durations.go

Remove copyright date from headers (#17785 )

2026-01-05 13:46:21 +01:00

engine_internal_test.go

Remove copyright date from headers (#17785 )

2026-01-05 13:46:21 +01:00

engine_test.go

tests(teststorage): Close Storage in the helper (#17902 )

2026-01-23 08:41:35 +00:00

engine.go

PromQL: Add fill*() binop modifiers to provide default values for missing series

2026-01-15 07:56:21 +01:00

functions_internal_test.go

promql: avoid unnecessary Metric.Get() calls in functions.go (#17676 )

2026-01-08 11:58:05 +00:00

functions_test.go

tests(teststorage): Close Storage in the helper (#17902 )

2026-01-23 08:41:35 +00:00

functions.go

promql: avoid unnecessary Metric.Get() calls in functions.go (#17676 )

2026-01-08 11:58:05 +00:00

fuzz_test.go

Remove copyright date from headers (#17785 )

2026-01-05 13:46:21 +01:00

fuzz.go

Remove copyright date from headers (#17785 )

2026-01-05 13:46:21 +01:00

histogram_stats_iterator_test.go

feat(tsdb): new AppenderV2 and AtST interface for chunks

2026-01-14 13:15:09 +01:00

histogram_stats_iterator.go

Remove copyright date from headers (#17785 )

2026-01-05 13:46:21 +01:00

info.go

promql: info function: fix series without identifying labels not being returned (#17898 )

2026-01-20 16:53:27 +01:00

promql_test.go

tests(teststorage): Close Storage in the helper (#17902 )

2026-01-23 08:41:35 +00:00

quantile_test.go

Remove copyright date from headers (#17785 )

2026-01-05 13:46:21 +01:00

quantile.go

Remove copyright date from headers (#17785 )

2026-01-05 13:46:21 +01:00

query_logger_test.go

fix(promql): prevent panic in trimStringByBytes on invalid UTF-8

2026-01-24 16:06:42 +01:00

query_logger.go

fix(promql): prevent panic in trimStringByBytes on invalid UTF-8

2026-01-24 16:06:42 +01:00

value_test.go

Remove copyright date from headers (#17785 )

2026-01-05 13:46:21 +01:00

value.go

feat(tsdb): new AppenderV2 and AtST interface for chunks

2026-01-14 13:15:09 +01:00