Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

index/suffixarray: panic: runtime error: slice bounds out of range [92:62] #52120

Closed
catenacyber opened this issue Apr 2, 2022 · 5 comments
Closed

index/suffixarray: panic: runtime error: slice bounds out of range [92:62] #52120

catenacyber opened this issue Apr 2, 2022 · 5 comments
Labels
FrozenDueToAge NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Milestone
Go1.19

Comments

@catenacyber
Copy link
Contributor

What version of Go are you using (go version)?

$ go version
go version go1.17.6 darwin/amd64

Does this issue reproduce with the latest release?

Yes

What operating system and processor architecture are you using (go env)?

go env Output
$ go env
GO111MODULE=""
GOARCH="amd64"
GOBIN=""
GOCACHE="/Users/catena/Library/Caches/go-build"
GOENV="/Users/catena/Library/Application Support/go/env"
GOEXE=""
GOEXPERIMENT=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="darwin"
GOINSECURE=""
GOMODCACHE="/Users/catena/go/pkg/mod"
GONOPROXY=""
GONOSUMDB=""
GOOS="darwin"
GOPATH="/Users/catena/go"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/usr/local/go"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/usr/local/go/pkg/tool/darwin_amd64"
GOVCS=""
GOVERSION="go1.17.6"
GCCGO="gccgo"
AR="ar"
CC="clang"
CXX="clang++"
CGO_ENABLED="1"
GOMOD="/Users/catena/go/src/github.com/catenacyber/go/src/go.mod"
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -arch x86_64 -m64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -fdebug-prefix-map=/var/folders/pp/dc1dtf9x2js3v0jx_m010nqr0000gn/T/go-build4237848497=/tmp/go-build -gno-record-gcc-switches -fno-common"
GOROOT/bin/go version: go version go1.17.6 darwin/amd64
GOROOT/bin/go tool compile -V: compile version go1.17.6
uname -v: Darwin Kernel Version 21.3.0: Wed Jan  5 21:37:58 PST 2022; root:xnu-8019.80.24~20/RELEASE_X86_64
ProductName:	macOS
ProductVersion:	12.2.1
BuildVersion:	21D62
lldb --version: lldb-1316.0.9.41
Apple Swift version 5.6 (swiftlang-5.6.0.323.62 clang-1316.0.20.8)
gdb --version: GNU gdb (GDB) 9.1

What did you do?

Run https://go.dev/play/p/6DgniLmM4fU

What did you expect to see?

The program finishing and printing somme dummy data

What did you see instead?

panic: runtime error: slice bounds out of range [92:62]

goroutine 1 [running]:
index/suffixarray.(*Index).at(...)
	/usr/local/go-faketime/src/index/suffixarray/suffixarray.go:239
index/suffixarray.(*Index).lookupAll.func1(0xc00010a000?)
	/usr/local/go-faketime/src/index/suffixarray/suffixarray.go:247 +0x9f
sort.Search(0x12?, 0xc00004ddc0)
	/usr/local/go-faketime/src/sort/search.go:66 +0x48
index/suffixarray.(*Index).lookupAll(0xc000068050, {0xc00004df49, 0x7, 0x7})
	/usr/local/go-faketime/src/index/suffixarray/suffixarray.go:247 +0x9f
index/suffixarray.(*Index).Lookup(0xc000068050?, {0xc00004df49?, 0xc000012210?, 0x404fb9?}, 0x2)
	/usr/local/go-faketime/src/index/suffixarray/suffixarray.go:261 +0x56
main.main()
	/tmp/sandbox905609517/prog.go:14 +0x165

Program exited.

Found by https://github.com/catenacyber/ngolo-fuzzing on oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46138
@cherrymui cherrymui added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label Apr 5, 2022
@cherrymui cherrymui added this to the Go1.19 milestone Apr 5, 2022
@cherrymui
Copy link
Member

cc @griesemer @rsc

@catenacyber
Copy link
Contributor Author

Friendly ping, what is the status on this index/suffixarray package ?

@griesemer
Copy link
Contributor

@catenacyber AFAIK nobody has had the bandwidth to investigate at the moment.

@ZekeLu
Copy link
Contributor

ZekeLu commented May 10, 2022
edited

I think this is not a bug that needs to be fixed.

func (x *Index) Read(r io.Reader) error is supposed to restore a suffix array produced by func (x *Index) Write(w io.Writer) error.

In the demo, that data passed to Read() is invalid (in fact, Read() has returned an error, which is not checked). In this case, the suffix array is corrupted. So it does not make sense to call Lookup() against it.

@catenacyber
Copy link
Contributor Author

Indeed, thanks for the analysis

@ZekeLu ZekeLu mentioned this issue May 10, 2022
Closed
@catenacyber catenacyber mentioned this issue Jun 13, 2022
Open
@golang golang locked and limited conversation to collaborators May 10, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Projects
None yet
Milestone
Go1.19
Development

No branches or pull requests
5 participants
@ZekeLu @griesemer @gopherbot @cherrymui @catenacyber