Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

go/doc: runtime error: slice bounds out of range [:68] with length 67 #52353

Closed
catenacyber opened this issue Apr 14, 2022 · 5 comments
Closed

go/doc: runtime error: slice bounds out of range [:68] with length 67 #52353

catenacyber opened this issue Apr 14, 2022 · 5 comments
Labels
FrozenDueToAge NeedsFix The path to resolution is known, but the work has not been done.
Milestone
Go1.19

Comments

@catenacyber
Copy link
Contributor

What version of Go are you using (go version)?

$ go version
go version go1.17.6 darwin/amd64

Does this issue reproduce with the latest release?

Yes

What operating system and processor architecture are you using (go env)?

go env Output
$ go env
GO111MODULE=""
GOARCH="amd64"
GOBIN=""
GOCACHE="/Users/catena/Library/Caches/go-build"
GOENV="/Users/catena/Library/Application Support/go/env"
GOEXE=""
GOEXPERIMENT=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="darwin"
GOINSECURE=""
GOMODCACHE="/Users/catena/go/pkg/mod"
GONOPROXY=""
GONOSUMDB=""
GOOS="darwin"
GOPATH="/Users/catena/go"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/usr/local/go"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/usr/local/go/pkg/tool/darwin_amd64"
GOVCS=""
GOVERSION="go1.17.6"
GCCGO="gccgo"
AR="ar"
CC="clang"
CXX="clang++"
CGO_ENABLED="1"
GOMOD="/Users/catena/go/src/github.com/catenacyber/go/src/go.mod"
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -arch x86_64 -m64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -fdebug-prefix-map=/var/folders/pp/dc1dtf9x2js3v0jx_m010nqr0000gn/T/go-build4237848497=/tmp/go-build -gno-record-gcc-switches -fno-common"
GOROOT/bin/go version: go version go1.17.6 darwin/amd64
GOROOT/bin/go tool compile -V: compile version go1.17.6
uname -v: Darwin Kernel Version 21.3.0: Wed Jan  5 21:37:58 PST 2022; root:xnu-8019.80.24~20/RELEASE_X86_64
ProductName:	macOS
ProductVersion:	12.2.1
BuildVersion:	21D62
lldb --version: lldb-1316.0.9.41
Apple Swift version 5.6 (swiftlang-5.6.0.323.62 clang-1316.0.20.8)
gdb --version: GNU gdb (GDB) 9.1

What did you do?

Run https://go.dev/play/p/IM9A4XRruug?v=gotip

Bug is only on dev branch, not in go 1.18

What did you expect to see?

The program finishing and printing somme dummy data

What did you see instead?

panic: runtime error: slice bounds out of range [:68] with length 67

goroutine 1 [running]:
go/doc/comment.ident({0x4c596b, 0x43})
	/usr/local/go-faketime/src/go/doc/comment/parse.go:1073 +0x17b
go/doc/comment.(*parseDoc).parseText(0xc000074e78, {0x0, 0x0, 0x0}, {0x4c5943, 0x6b}, 0x1)
	/usr/local/go-faketime/src/go/doc/comment/parse.go:824 +0x36d
go/doc/comment.(*parseDoc).parseLinkedText.func1(...)
	/usr/local/go-faketime/src/go/doc/comment/parse.go:686
go/doc/comment.(*parseDoc).parseLinkedText(0xc000074e78, {0x4c5943, 0x6b})
	/usr/local/go-faketime/src/go/doc/comment/parse.go:726 +0x665
go/doc/comment.(*Parser).Parse(0xc000074ef0, {0x4c5943?, 0x0?})
	/usr/local/go-faketime/src/go/doc/comment/parse.go:344 +0x772
go/doc.ToText({0x4de838, 0xc000016360}, {0x4c5943, 0x6b}, {0x0, 0x0}, {0x0, 0x0}, 0x0)
	/usr/local/go-faketime/src/go/doc/comment.go:64 +0x10e
main.main()
	/tmp/sandbox1955597472/prog.go:12 +0x55

Program exited.

Found by https://github.com/catenacyber/ngolo-fuzzing on oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46647
@catenacyber
Copy link
Contributor Author

catenacyber commented Apr 14, 2022
edited

Regression range is indicated by oss-fuzz as a6f6932 : 2b31abc (I did not check it)

@Jorropo
Copy link
Member

Jorropo commented Apr 14, 2022

I have bisected it to 27b7b1f

@Jorropo
Copy link
Member

Jorropo commented Apr 14, 2022
edited

I have a fix, adding tests and pushing soon.

Jorropo added a commit to Jorropo/go that referenced this issue Apr 14, 2022
@Jorropo
go/doc: fix incorrect indentifier decoding in comments
4d432b7 
This code was trying to decode each codepoint one by one, but didn't resliced the string, so it was instead reading the first codepoint over and over, if the string length was not a multiple of the codepoint length, this would cause us to walk past the end of the string.

This was a latent bug introduced in CL 397277 but was revealed to OSS-Fuzz in CL 384265.

Fixes golang#52353
@Jorropo Jorropo mentioned this issue Apr 14, 2022
Closed
@gopherbot
Copy link

Change https://go.dev/cl/400240 mentions this issue: go/doc: fix incorrect indentifier parsing in comments

@catenacyber
Copy link
Contributor Author

cc @rsc

@dmitshur dmitshur added the NeedsFix The path to resolution is known, but the work has not been done. label Apr 14, 2022
@dmitshur dmitshur added this to the Go1.19 milestone Apr 14, 2022
Jorropo added a commit to Jorropo/go that referenced this issue Apr 15, 2022
@Jorropo
go/doc: fix incorrect indentifier decoding in comments
424f6cf 
This code was trying to decode each codepoint one by one, but didn't resliced the string, so it was instead reading the first codepoint over and over, if the string length was not a multiple of the codepoint length, this would cause us to walk past the end of the string.

This was a latent bug introduced in CL 397277 but was revealed to OSS-Fuzz in CL 384265.

Fixes golang#52353
@golang golang locked and limited conversation to collaborators Apr 16, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge NeedsFix The path to resolution is known, but the work has not been done.
Projects
None yet
Milestone
Go1.19
Development

Successfully merging a pull request may close this issue.

go/doc: fix incorrect identifier parsing in comments Jorropo/go
4 participants
@dmitshur @gopherbot @Jorropo @catenacyber