
Panic slice out of bounds #3863

Open
jonathongardner opened this issue Jan 31, 2025 · 4 comments
@jonathongardner

TruffleHog Version

v3.88.3

Trace Output

	/opt/hostedtoolcache/go/1.23.5/x64/src/runtime/debug/stack.go:26 +0x64
github.com/trufflesecurity/trufflehog/v3/pkg/common.Recover({0x49ea0e0, 0x40010f9740})
	/home/runner/work/trufflehog/trufflehog/pkg/common/recover.go:17 +0x44
panic({0x3cfaba0?, 0x4001794198?})
	/opt/hostedtoolcache/go/1.23.5/x64/src/runtime/panic.go:785 +0x124
github.com/trufflesecurity/trufflehog/v3/pkg/engine/ahocorasick.(*DetectorMatch).extractMatches(...)
	/home/runner/work/trufflehog/trufflehog/pkg/engine/ahocorasick/ahocorasickcore.go:215
github.com/trufflesecurity/trufflehog/v3/pkg/engine/ahocorasick.(*Core).FindDetectorMatches(0x4000f7e960, {0x4009400000, 0x35e1, 0x4000})
	/home/runner/work/trufflehog/trufflehog/pkg/engine/ahocorasick/ahocorasickcore.go:271 +0x354
github.com/trufflesecurity/trufflehog/v3/pkg/engine.(*Engine).scannerWorker(0x4002039040, {0x49ea0e0, 0x40010f9740})
	/home/runner/work/trufflehog/trufflehog/pkg/engine/engine.go:792 +0x450
github.com/trufflesecurity/trufflehog/v3/pkg/engine.(*Engine).startScannerWorkers.func1()
	/home/runner/work/trufflehog/trufflehog/pkg/engine/engine.go:667 +0xd8
created by github.com/trufflesecurity/trufflehog/v3/pkg/engine.(*Engine).startScannerWorkers in goroutine 1
	/home/runner/work/trufflehog/trufflehog/pkg/engine/engine.go:663 +0xf4
	{"scanner_worker_id": "fdG5y", "recover": "runtime error: slice bounds out of range [14074:13793]", "error": "panic"}

Expected Behavior

No panic, and it doesn't hang

Actual Behavior

The panic is logged and it hangs

Steps to Reproduce

docker run --rm -v $PWD:/scan --name th trufflesecurity/trufflehog:latest filesystem /scan/

If I can reproduce it with a custom file I will upload that. If it helps, it's Unicode text, UTF-8 text.

@zricethezav
Collaborator

@jonathongardner

If I can reproduce it with a custom file I will upload that.

Please do. Can't really do anything with this issue without something to test against.

@rgmz
Contributor

rgmz commented Feb 3, 2025

Likely related to #3002.

@ahrav
Collaborator

ahrav commented Feb 4, 2025

I suspect this issue stems from a rare case where multiple detector interfaces interfere with each other when setting the start index. I don’t see why we can’t add a safety check to prevent this until we identify the root cause.

Oh, @rgmz already suggested that in the related issue. @zricethezav, any objections to adding the check for now to prevent the scan from panicking?
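A simplified model of the safety check discussed above, added here as an illustration and not taken from TruffleHog's code: `matchSpan`, `naiveExtract` and `safeExtract` are hypothetical names, and the chunk and offsets are constructed. It contrasts slicing on unvalidated offsets, which panics with the same "slice bounds out of range" error seen in the trace when the start index ends up past the end, with a version that validates each span and skips the inconsistent one instead of taking the scanner worker down.

```go
package main

import "fmt"

// matchSpan is a hypothetical stand-in for a detector match: the byte
// offsets a match reported into the scanned chunk.
type matchSpan struct {
	Start, End int
}

// naiveExtract slices without validation. An inverted span (start > end)
// or one past the chunk makes Go panic with "slice bounds out of range".
func naiveExtract(chunk []byte, spans []matchSpan) [][]byte {
	out := make([][]byte, 0, len(spans))
	for _, s := range spans {
		out = append(out, chunk[s.Start:s.End])
	}
	return out
}

// safeExtract validates every span before slicing and reports the ones
// it cannot honour, so one bad offset cannot crash the whole worker.
func safeExtract(chunk []byte, spans []matchSpan) ([][]byte, []error) {
	out := make([][]byte, 0, len(spans))
	var errs []error
	for _, s := range spans {
		if s.Start < 0 || s.End > len(chunk) || s.Start > s.End {
			errs = append(errs, fmt.Errorf("skipping invalid span [%d:%d] in chunk of %d bytes",
				s.Start, s.End, len(chunk)))
			continue
		}
		out = append(out, chunk[s.Start:s.End])
	}
	return out, errs
}

// panics reports whether f panics; used to show the naive path failing.
func panics(f func()) (didPanic bool) {
	defer func() {
		if r := recover(); r != nil {
			didPanic = true
		}
	}()
	f()
	return false
}

func main() {
	// Constructed sample: one well-formed span and one whose start index
	// was moved past its end, as in the reported panic.
	chunk := []byte("api_key=EXAMPLE_VALUE trailing text")
	spans := []matchSpan{{8, 21}, {30, 12}}
	fmt.Println("naive panics:", panics(func() { naiveExtract(chunk, spans) }))
	got, errs := safeExtract(chunk, spans)
	fmt.Printf("safe: %q, %d span(s) skipped\n", got, len(errs))
}
```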

@ahrav
Collaborator

ahrav commented Feb 4, 2025

#3867 should hopefully remedy the issue for the time being.
