New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
encoding/json: panic during json unmarshal #18403
Comments
The crash is occurring in the assembler implementation for The second slice is the key field of the JSON string, as read by This crash frankly seems completely impossible unless there has already been some memory corruption. You say "potentially there was some data corruption here"; I would have to agree. The Go runtime can't operate normally in the presence of data corruption. Is this problem repeatable? |
It seems repeatable with the bolt db in question (which I'm still trying to get my hands on). So, until I can get a copy of the affected db, I can't replicate. |
I think this may be due to a misuse of bolt. The byte slice you are unmarshalling, entry.Value, comes from entries, which is generated in listEntries by directly preserving references to However, the bolt docs state:
I believe the correct fix is in listEntries. When you are creating each new entry, make new k and v byte slices of the correct length and copy in the data from bolt. You will probably want to audit the other uses of bolt for similar bugs. |
Something like this (untested, typed into github comment) should do the trick:
|
Ah thanks, I was wondering about that but hadn't seen anything, and couldn't repro the issue with the same useage. |
Closing based on @josharian's analysis. Please comment if that turns out to be incorrect. |
Please answer these questions before submitting your issue. Thanks!
What version of Go are you using (
go version
)?1.7.3
What operating system and processor architecture are you using (
go env
)?linux/amd64
What did you do?
Unmarshal a byte slice via
json.Unmarshal
.Paniced code is here: https://github.com/docker/docker/blob/6ef1060cd0acb847e06db890abb335faa837a9e2/volume/store/restore.go#L35
What did you expect to see?
I would not expect the panic here
What did you see instead?
Panic is here: https://gist.github.com/cpuguy83/715079190b7e00a367c3b2cc4a415c9c
Potentially there was some data corruption here as the system in question shows an unclean shutdown, however at the point that we are unmarshalling we've already pulled the data from boltdb, we're just unmarshalling the raw bytes to a struct.
Relevant struct is here:
Tracking in moby/moby#29636
The text was updated successfully, but these errors were encountered: