Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

x/vuln/vulncheck/internal/gosym: panic in TestLineFromAline on release-branch.go1.17 on 32-bit platforms #52218

Closed
bcmills opened this issue Apr 7, 2022 · 2 comments
Closed

x/vuln/vulncheck/internal/gosym: panic in TestLineFromAline on release-branch.go1.17 on 32-bit platforms #52218

bcmills opened this issue Apr 7, 2022 · 2 comments
Labels
FrozenDueToAge NeedsFix The path to resolution is known, but the work has not been done. release-blocker Soon This needs action soon. (recent regressions, service outages, unusual time-sensitive situations) vulncheck or vulndb Issues for the x/vuln or x/vulndb repo
Milestone
Go1.17.9

Comments

@bcmills
Copy link
Contributor

bcmills commented Apr 7, 2022 

--- FAIL: TestLineFromAline (0.00s)
panic: runtime error: slice bounds out of range [76:68] [recovered]
	panic: runtime error: slice bounds out of range [76:68]

goroutine 20 [running]:
testing.tRunner.func1.2({0x81b3d60, 0xa176680})
	/workdir/go/src/testing/testing.go:1209 +0x2ab
testing.tRunner.func1(0xa0825a0)
	/workdir/go/src/testing/testing.go:1212 +0x27d
panic({0x81b3d60, 0xa176680})
	/workdir/go/src/runtime/panic.go:1038 +0x1c5
golang.org/x/vuln/vulncheck/internal/gosym.funcData.funcdataOffset({0xa0a60a0, {0xa240480, 0x44, 0x44}}, 0x3)
	/workdir/gopath/src/golang.org/x/vuln/vulncheck/internal/gosym/pclntab.go:584 +0x127
golang.org/x/vuln/vulncheck/internal/gosym.(*LineTable).go12Funcs(0xa0a60a0)
	/workdir/gopath/src/golang.org/x/vuln/vulncheck/internal/gosym/pclntab.go:373 +0x1f6
golang.org/x/vuln/vulncheck/internal/gosym.NewTable({0x82ebda0, 0x0, 0x0}, 0xa0a60a0)
	/workdir/gopath/src/golang.org/x/vuln/vulncheck/internal/gosym/symtab.go:519 +0x5f1
golang.org/x/vuln/vulncheck/internal/gosym.parse({0xffb79ccc, 0x2f}, 0xa0f6180, 0xa0825a0)
	/workdir/gopath/src/golang.org/x/vuln/vulncheck/internal/gosym/pclntab_test.go:82 +0x3d7
golang.org/x/vuln/vulncheck/internal/gosym.crack({0xffb79ccc, 0x2f}, 0xa0825a0)
	/workdir/gopath/src/golang.org/x/vuln/vulncheck/internal/gosym/pclntab_test.go:62 +0xae
golang.org/x/vuln/vulncheck/internal/gosym.getTable(0xa0825a0)
	/workdir/gopath/src/golang.org/x/vuln/vulncheck/internal/gosym/pclntab_test.go:51 +0x42
golang.org/x/vuln/vulncheck/internal/gosym.TestLineFromAline(0xa0825a0)
	/workdir/gopath/src/golang.org/x/vuln/vulncheck/internal/gosym/pclntab_test.go:94 +0x32
testing.tRunner(0xa0825a0, 0x81cd5d0)
	/workdir/go/src/testing/testing.go:1259 +0xe6
created by testing.(*T).Run
	/workdir/go/src/testing/testing.go:1306 +0x33a
FAIL	golang.org/x/vuln/vulncheck/internal/gosym	0.009s
FAIL

greplogs --dashboard -md -l -e 'FAIL: TestLineFromAline .*(?:\n.*)*panic: runtime error: slice bounds out of range' --since=2022-01-01

2022-04-07T17:51:26-1784cc9-7139e8b/freebsd-386-11_4
2022-04-07T17:51:26-1784cc9-7139e8b/freebsd-386-12_3
2022-04-07T17:51:26-1784cc9-7139e8b/freebsd-386-13_0
2022-04-07T17:51:26-1784cc9-7139e8b/linux-386
2022-04-07T17:51:26-1784cc9-7139e8b/linux-386-buster
2022-04-07T17:51:26-1784cc9-7139e8b/linux-386-clang
2022-04-07T17:51:26-1784cc9-7139e8b/linux-386-sid
2022-04-07T17:51:26-1784cc9-7139e8b/linux-386-stretch
2022-04-07T17:51:26-1784cc9-7139e8b/linux-arm-aws
2022-04-07T17:51:26-1784cc9-7139e8b/netbsd-386-9_0
2022-04-07T17:51:26-1784cc9-7139e8b/openbsd-386-68
2022-04-07T17:51:26-1784cc9-7139e8b/openbsd-386-70

This failure mode appears to have been introduced in CL 398755 (attn @jba; CC @golang/security). It isn't obvious to me why it wasn't caught by the TryBots for that CL.
@gopherbot gopherbot added the vulncheck or vulndb Issues for the x/vuln or x/vulndb repo label Apr 7, 2022
@gopherbot gopherbot added this to the Unreleased milestone Apr 7, 2022
@bcmills bcmills modified the milestones: Unreleased, Go1.17.9 Apr 7, 2022
@bcmills bcmills added NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. Soon This needs action soon. (recent regressions, service outages, unusual time-sensitive situations) labels Apr 7, 2022
@bcmills
Copy link
Contributor Author

bcmills commented Apr 7, 2022

This is nominally a release-blocker for Go 1.17.9 via #11811, but since it appears to have been introduced by an x/vuln commit I think it would be reasonable to cut the planned security release even if it is not addressed by then.

(That said, since the security release is now planned for Tuesday I don't see why it would be an issue to fix by then.)

@jba jba self-assigned this Apr 7, 2022
@gopherbot
Copy link
Contributor

Change https://go.dev/cl/398757 mentions this issue: vulncheck/internal/gosym: fix bug on 32-bit systems

@dmitshur dmitshur added NeedsFix The path to resolution is known, but the work has not been done. and removed NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. labels Apr 12, 2022
@rsc rsc unassigned jba Jun 22, 2022
softdev050 added a commit to softdev050/Golangvuln that referenced this issue Apr 5, 2023
@softdev050
vulncheck/internal/gosym: fix bug on 32-bit systems
47a3594 
I was multiplying an offset by 8, instead of the size of a pointer.

Fixes golang/go#52218.

Change-Id: I396c833e52a96aff34b89e4e53053d15b4a0d1cd
Reviewed-on: https://go-review.googlesource.com/c/vuln/+/398757
Trust: Jonathan Amsterdam <jba@google.com>
Run-TryBot: Jonathan Amsterdam <jba@google.com>
Reviewed-by: Bryan Mills <bcmills@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
sayjun0505 added a commit to sayjun0505/Golangvuln that referenced this issue Apr 8, 2023
@sayjun0505
vulncheck/internal/gosym: fix bug on 32-bit systems
e813834 
I was multiplying an offset by 8, instead of the size of a pointer.

Fixes golang/go#52218.

Change-Id: I396c833e52a96aff34b89e4e53053d15b4a0d1cd
Reviewed-on: https://go-review.googlesource.com/c/vuln/+/398757
Trust: Jonathan Amsterdam <jba@google.com>
Run-TryBot: Jonathan Amsterdam <jba@google.com>
Reviewed-by: Bryan Mills <bcmills@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
@golang golang locked and limited conversation to collaborators Jun 22, 2023
stanislavkononiuk added a commit to stanislavkononiuk/Golangvuln that referenced this issue Jun 26, 2023
@stanislavkononiuk
vulncheck/internal/gosym: fix bug on 32-bit systems
fa6a11c 
I was multiplying an offset by 8, instead of the size of a pointer.

Fixes golang/go#52218.

Change-Id: I396c833e52a96aff34b89e4e53053d15b4a0d1cd
Reviewed-on: https://go-review.googlesource.com/c/vuln/+/398757
Trust: Jonathan Amsterdam <jba@google.com>
Run-TryBot: Jonathan Amsterdam <jba@google.com>
Reviewed-by: Bryan Mills <bcmills@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge NeedsFix The path to resolution is known, but the work has not been done. release-blocker Soon This needs action soon. (recent regressions, service outages, unusual time-sensitive situations) vulncheck or vulndb Issues for the x/vuln or x/vulndb repo
Projects
Go Security
Status: No status
Milestone
Go1.17.9
Development

No branches or pull requests
4 participants
@dmitshur @bcmills @gopherbot @jba