Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fuzz: Panic during local variable rewriting stage #2720

Closed
tsandall opened this issue Sep 24, 2020 · 0 comments · Fixed by #2722
Closed

fuzz: Panic during local variable rewriting stage #2720

tsandall opened this issue Sep 24, 2020 · 0 comments · Fixed by #2722
Assignees
@tsandall
Labels
bug

Comments

@tsandall
Copy link
Member

tsandall commented Sep 24, 2020
edited
Loading

Test file:

package d c({({0|t:=0}):0})

Panic:

panic: runtime error: invalid memory address or nil pointer dereference [recovered]
        panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x89cbda]

goroutine 1 [running]:
github.com/open-policy-agent/opa/ast.(*Compiler).compile.func1()
        /home/torin/src/opa/ast/compile.go:881 +0x67
panic(0xbfc020, 0x11f7350)
        /usr/local/go/src/runtime/panic.go:969 +0x175
github.com/open-policy-agent/opa/ast.(*Compiler).rewriteLocalVars.func1.1(0x0, 0x250eef6a57e40609)
        /home/torin/src/opa/ast/compile.go:1120 +0x15a
github.com/open-policy-agent/opa/ast.WalkTerms.func1(0xc8ce80, 0x0, 0xc000320ba0)
        /home/torin/src/opa/ast/visit.go:181 +0x42
github.com/open-policy-agent/opa/ast.(*GenericVisitor).Walk(0xc0003060c0, 0xc8ce80, 0x0)
        /home/torin/src/opa/ast/visit.go:270 +0x58
github.com/open-policy-agent/opa/ast.(*GenericVisitor).Walk.func1(0xc00031e960, 0xc00031eaa0)
        /home/torin/src/opa/ast/visit.go:340 +0x97
github.com/open-policy-agent/opa/ast.(*object).Foreach.func1(0xc00031e960, 0xc00031eaa0, 0x40e218, 0x30)
        /home/torin/src/opa/ast/term.go:1810 +0x39
github.com/open-policy-agent/opa/ast.(*object).Iter(0xc000320bd0, 0xc000305ca8, 0xc000305d90, 0x89ccd5)
        /home/torin/src/opa/ast/term.go:1788 +0x7a
github.com/open-policy-agent/opa/ast.(*object).Foreach(0xc000320bd0, 0xc000305d98)
        /home/torin/src/opa/ast/term.go:1809 +0x53
github.com/open-policy-agent/opa/ast.(*GenericVisitor).Walk(0xc0003060c0, 0xcb3cc0, 0xc000320bd0)
        /home/torin/src/opa/ast/visit.go:338 +0x994
github.com/open-policy-agent/opa/ast.(*GenericVisitor).Walk(0xc0003060c0, 0xc8ce80, 0xc00031e940)
        /home/torin/src/opa/ast/visit.go:332 +0xbc7
github.com/open-policy-agent/opa/ast.(*GenericVisitor).Walk(0xc0003060c0, 0xc3f580, 0xc00031eee0)
        /home/torin/src/opa/ast/visit.go:312 +0xc50
github.com/open-policy-agent/opa/ast.(*GenericVisitor).Walk(0xc0003060c0, 0xc73260, 0xc0002165a0)
        /home/torin/src/opa/ast/visit.go:299 +0x8a5
github.com/open-policy-agent/opa/ast.WalkTerms(0xc73260, 0xc0002165a0, 0xc000306210)
        /home/torin/src/opa/ast/visit.go:185 +0x70
github.com/open-policy-agent/opa/ast.(*Compiler).rewriteLocalVars.func1(0xc000215480, 0x1249301)
        /home/torin/src/opa/ast/compile.go:1117 +0xce
github.com/open-policy-agent/opa/ast.WalkRules.func1(0xc73340, 0xc000215480, 0xc00031eec0)
        /home/torin/src/opa/ast/visit.go:229 +0x56
github.com/open-policy-agent/opa/ast.(*GenericVisitor).Walk(0xc0003064d0, 0xc73340, 0xc000215480)
        /home/torin/src/opa/ast/visit.go:270 +0x58
github.com/open-policy-agent/opa/ast.(*GenericVisitor).Walk(0xc0003064d0, 0xc4a0a0, 0xc000216550)
        /home/torin/src/opa/ast/visit.go:281 +0x59c
github.com/open-policy-agent/opa/ast.WalkRules(0xc4a0a0, 0xc000216550, 0xc000306538)
        /home/torin/src/opa/ast/visit.go:238 +0x70
github.com/open-policy-agent/opa/ast.(*Compiler).rewriteLocalVars(0xc0003120f0)
        /home/torin/src/opa/ast/compile.go:1103 +0xe5
github.com/open-policy-agent/opa/ast.(*Compiler).runStage(0xc0003120f0, 0xcf48e2, 0x20, 0xc0002091f0)
        /home/torin/src/opa/ast/compile.go:866 +0x4f
github.com/open-policy-agent/opa/ast.(*Compiler).compile(0xc0003120f0)
        /home/torin/src/opa/ast/compile.go:886 +0x11d
github.com/open-policy-agent/opa/ast.(*Compiler).Compile(0xc0003120f0, 0xc000306888)
        /home/torin/src/opa/ast/compile.go:351 +0x2c5
github.com/open-policy-agent/opa/bundle.writeModules(0xdd6340, 0xc000138010, 0xddcfa0, 0xc000214d00, 0xdc4a60, 0xc000308450, 0xc0003120f0, 0xddb540, 0xc00027caa0, 0x0, ...)
        /home/torin/src/opa/bundle/store.go:397 +0x5ed
github.com/open-policy-agent/opa/bundle.activateBundles(0xc000307068, 0xc00027caa0, 0xddcfa0)
        /home/torin/src/opa/bundle/store.go:243 +0x866
github.com/open-policy-agent/opa/bundle.Activate(...)
        /home/torin/src/opa/bundle/store.go:161
github.com/open-policy-agent/opa/internal/runtime/init.InsertAndCompile(0xdd6340, 0xc000138010, 0xddcfa0, 0xc000214d00, 0xdc4a60, 0xc000308450, 0xc000205b00, 0xc000205b30, 0x0, 0x0, ...)
        /home/torin/src/opa/internal/runtime/init/init.go:67 +0x313
github.com/open-policy-agent/opa/plugins.(*Manager).Init.func1(0xdc4a60, 0xc000308450, 0xc000138010, 0xc000209190)
        /home/torin/src/opa/plugins/plugins.go:255 +0x158
github.com/open-policy-agent/opa/storage.Txn(0xdd6340, 0xc000138010, 0xddcfa0, 0xc000214d00, 0x1, 0xc00020a340, 0xc000307328, 0x0, 0x0)
        /home/torin/src/opa/storage/storage.go:95 +0xe9
github.com/open-policy-agent/opa/plugins.(*Manager).Init(0xc000312000, 0xdd6340, 0xc000138010, 0xc00024e030, 0x24)
        /home/torin/src/opa/plugins/plugins.go:253 +0x105
github.com/open-policy-agent/opa/runtime.NewRuntime(0xdd6340, 0xc000138010, 0xc00024e030, 0x24, 0xc000206560, 0xc000206580, 0x0, 0x0, 0x0, 0x0, ...)
        /home/torin/src/opa/runtime/runtime.go:251 +0x408
github.com/open-policy-agent/opa/cmd.initRuntime(0xdd6340, 0xc000138010, 0x0, 0x0, 0xc000206560, 0xc000206580, 0x0, 0x0, 0x0, 0x0, ...)
        /home/torin/src/opa/cmd/run.go:258 +0x545
github.com/open-policy-agent/opa/cmd.init.8.func1(0xc00021d180, 0xc0002084e0, 0x1, 0x1)
        /home/torin/src/opa/cmd/run.go:156 +0xea
github.com/spf13/cobra.(*Command).execute(0xc00021d180, 0xc0002084b0, 0x1, 0x1, 0xc00021d180, 0xc0002084b0)
        /home/torin/src/opa/vendor/github.com/spf13/cobra/command.go:766 +0x2c2
github.com/spf13/cobra.(*Command).ExecuteC(0x1203480, 0xc000068778, 0xc000113f78, 0x4062a5)
        /home/torin/src/opa/vendor/github.com/spf13/cobra/command.go:852 +0x2fe
github.com/spf13/cobra.(*Command).Execute(...)
        /home/torin/src/opa/vendor/github.com/spf13/cobra/command.go:800
main.main()
        /home/torin/src/opa/main.go:15 +0x31
@tsandall tsandall added the bug label Sep 24, 2020
@tsandall tsandall self-assigned this Sep 24, 2020
tsandall added a commit to tsandall/opa that referenced this issue Sep 24, 2020
@tsandall
ast: Fix panic during local var rewriting
120634e 
This commit fixes an issue similar to
e88579b: when a comprehension is
nested inside of a set or used as an object key, the rewriting needs
to be careful to make a copy of the set/object to avoid mutating the
elemenet/key in-place.

Fixes open-policy-agent#2720

Signed-off-by: Torin Sandall <torinsandall@gmail.com>
@tsandall tsandall mentioned this issue Sep 24, 2020
Merged
patrick-east pushed a commit that referenced this issue Sep 24, 2020
@tsandall @patrick-east
ast: Fix panic during local var rewriting
cc55f4a 
This commit fixes an issue similar to
e88579b: when a comprehension is
nested inside of a set or used as an object key, the rewriting needs
to be careful to make a copy of the set/object to avoid mutating the
elemenet/key in-place.

Fixes #2720

Signed-off-by: Torin Sandall <torinsandall@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tsandall tsandall

Labels
bug
Projects
Open Policy Agent
Archived in project
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

ast: Fix panic during local var rewriting tsandall/opa
1 participant
@tsandall