From b2104f82a97df5456531b2816ef2022c7f4431c0 Mon Sep 17 00:00:00 2001
From: Dmitri Shuralyov <dmitshur@golang.org>
Date: Fri, 25 Oct 2019 12:20:13 -0400
Subject: [PATCH] present: check if too few arguments to image, iframe, or
 video

Previously, using incorrect syntax for one of image, iframe, or video
functions caused an index out of range panic. Add a check to prevent
the panic and return an error instead.

Fixes golang/go#35142

Change-Id: Ifffb4cc5daded5331d617a3db7cad84e37abadc8
Reviewed-on: https://go-review.googlesource.com/c/tools/+/203477
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Reviewed-by: Andrew Gerrand <adg@golang.org>
---
 present/iframe.go | 3 +++
 present/image.go  | 3 +++
 present/video.go  | 3 +++
 3 files changed, 9 insertions(+)

diff --git a/present/iframe.go b/present/iframe.go
index 46649f0f1e..057d229585 100644
--- a/present/iframe.go
+++ b/present/iframe.go
@@ -23,6 +23,9 @@ func (i Iframe) TemplateName() string { return "iframe" }
 
 func parseIframe(ctx *Context, fileName string, lineno int, text string) (Elem, error) {
 	args := strings.Fields(text)
+	if len(args) < 2 {
+		return nil, fmt.Errorf("incorrect iframe invocation: %q", text)
+	}
 	i := Iframe{URL: args[1]}
 	a, err := parseArgs(fileName, lineno, args[2:])
 	if err != nil {
diff --git a/present/image.go b/present/image.go
index cfa2af9ba2..84965cae54 100644
--- a/present/image.go
+++ b/present/image.go
@@ -23,6 +23,9 @@ func (i Image) TemplateName() string { return "image" }
 
 func parseImage(ctx *Context, fileName string, lineno int, text string) (Elem, error) {
 	args := strings.Fields(text)
+	if len(args) < 2 {
+		return nil, fmt.Errorf("incorrect image invocation: %q", text)
+	}
 	img := Image{URL: args[1]}
 	a, err := parseArgs(fileName, lineno, args[2:])
 	if err != nil {
diff --git a/present/video.go b/present/video.go
index 913822e66b..93d93502bf 100644
--- a/present/video.go
+++ b/present/video.go
@@ -24,6 +24,9 @@ func (v Video) TemplateName() string { return "video" }
 
 func parseVideo(ctx *Context, fileName string, lineno int, text string) (Elem, error) {
 	args := strings.Fields(text)
+	if len(args) < 3 {
+		return nil, fmt.Errorf("incorrect video invocation: %q", text)
+	}
 	vid := Video{URL: args[1], SourceType: args[2]}
 	a, err := parseArgs(fileName, lineno, args[3:])
 	if err != nil {