Slice bounds out of range #243

Closed
dholbach opened this issue Oct 27, 2021 · 0 comments · Fixed by #257
From Ada Logics

An issue was found by the FuzzUpdateWithSetters fuzzer of the image-automation-controller. The following stack trace is produced after a few minutes of fuzzing:

panic: runtime error: slice bounds out of range [:-4]
goroutine 17 [running, locked to thread]:
github.com/fluxcd/image-automation-controller/pkg/update.UpdateWithSetters(0x2704df0, 0x3bd17d0, 0xc0001b70b0, 0x17, 0xc0001b7188, 0x17, 0xc00034f680, 0x1, 0x1,0x0, ...)
        /image-automation-controller/pkg/update/setters.go:162 +0x12e9
github.com/fluxcd/image-automation-controller/controllers.FuzzUpdateWithSetters(0x5922c00, 0x17f, 0x17f, 0x0)
        /image-automation-controller/controllers/fuzz.go:388 +0x65b
main.LLVMFuzzerTestOneInput(0x5922c00, 0x17f, 0x4b0001)
github.com/fluxcd/image-automation-controller/controllers/go.fuzz.main/main.go:35 +0x66
==8== ERROR: libFuzzer: deadly signal
    #0 0x4b20d0 in __sanitizer_print_stack_trace (/fuzzers/FuzzUpdateWithSetters+0x4b20d0)
    #1 0x45da28 in fuzzer::PrintStackTrace() (/fuzzers/FuzzUpdateWithSetters+0x45da28)
    #2 0x443a63 in fuzzer::Fuzzer::CrashCallback() (/fuzzers/FuzzUpdateWithSetters+0x443a63)
    #3 0x7fd3900c38df (/lib/x86_64-linux-gnu/libpthread.so.0+0x138df)
    #4 0x521ca0 in runtime.raise runtime/sys_linux_amd64.s:163

NOTE: libFuzzer has rudimentary signal handlers.
      Combine libFuzzer with AddressSanitizer or similar for better crash reports.
SUMMARY: libFuzzer: deadly signal
MS: 2 CrossOver-InsertByte-; base unit: a00037129c43765719c94c4c994e5652daa461b8 artifact_prefix='./'; Test unit written to
./crash-e93c32a8ad39fe95da43be27e31c5fb4d720efb9

The issue is present on this line:

name := image[:len(image)-len(tag)-1]

Recommendation

This issue can be mitigated by checking the length of image and tag.

In addition, consider recovering runtime errors to prevent recoverable panics from crashing the controller.
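
Both recommendations above, sketched as an added Go example that is not part of the original issue and is not the project's fix from #257. The function names and sample image strings are constructed for illustration, and the assumption that `image` is expected to end in `:` followed by `tag` is inferred from the quoted line.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// splitUnchecked reproduces the expression quoted in the issue: when tag is
// longer than image, the upper slice bound goes negative and Go panics.
func splitUnchecked(image, tag string) string {
	return image[:len(image)-len(tag)-1]
}

// splitChecked (hypothetical helper) confirms that image really ends in
// ":"+tag and leaves a non-empty name before anything is cut off.
func splitChecked(image, tag string) (string, error) {
	suffix := ":" + tag
	if tag == "" || len(image) <= len(suffix) || !strings.HasSuffix(image, suffix) {
		return "", errors.New(`image does not end in ":<tag>"`)
	}
	return strings.TrimSuffix(image, suffix), nil
}

// recovered runs f and turns a runtime panic into an error, so one malformed
// input fails a single operation instead of crashing the whole process.
func recovered(f func() string) (out string, err error) {
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("recovered: %v", r)
		}
	}()
	return f(), nil
}

func main() {
	// Constructed inputs: one well-formed pair, two that underflow the bound.
	cases := [][2]string{{"repo/app:v1.0.0", "v1.0.0"}, {"abc", "v1.0.0"}, {"", ""}}
	for _, c := range cases {
		name, err := splitChecked(c[0], c[1])
		fmt.Printf("checked   %q %q -> %q, %v\n", c[0], c[1], name, err)
		name, err = recovered(func() string { return splitUnchecked(c[0], c[1]) })
		fmt.Printf("unchecked %q %q -> %q, %v\n", c[0], c[1], name, err)
	}
}
```

The pair `"abc"` / `"v1.0.0"` yields the same `[:-4]` bound reported in the trace, since 3 - 6 - 1 = -4.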

relu added a commit that referenced this issue Nov 4, 2021
This is to prevent a slice bounds out of range error.

Fixes #243

Signed-off-by: Aurel Canciu <aurelcanciu@gmail.com>
@relu relu self-assigned this Nov 4, 2021
relu added a commit that referenced this issue Nov 4, 2021
This is to prevent a slice bounds out of range error.

Fixes #243

Signed-off-by: Aurel Canciu <aurelcanciu@gmail.com>
relu added a commit that referenced this issue Nov 5, 2021
This is to prevent a slice bounds out of range error.

Fixes #243

Signed-off-by: Aurel Canciu <aurelcanciu@gmail.com>
souleb pushed a commit to souleb/image-automation-controller that referenced this issue Mar 12, 2024
This is to prevent a slice bounds out of range error.

Fixes fluxcd#243

Signed-off-by: Aurel Canciu <aurelcanciu@gmail.com>