
go/doc: makeslice: cap out of range #52783

Closed
catenacyber opened this issue May 9, 2022 · 3 comments
Labels
FrozenDueToAge NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. release-blocker
Comments

@catenacyber

What version of Go are you using (go version)?

$ go version
go version go1.17.6 darwin/amd64

Does this issue reproduce with the latest release?

Yes

What operating system and processor architecture are you using (go env)?

go env Output
$ go env
GO111MODULE=""
GOARCH="amd64"
GOBIN=""
GOCACHE="/Users/catena/Library/Caches/go-build"
GOENV="/Users/catena/Library/Application Support/go/env"
GOEXE=""
GOEXPERIMENT=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="darwin"
GOINSECURE=""
GOMODCACHE="/Users/catena/go/pkg/mod"
GONOPROXY=""
GONOSUMDB=""
GOOS="darwin"
GOPATH="/Users/catena/go"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/usr/local/go"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/usr/local/go/pkg/tool/darwin_amd64"
GOVCS=""
GOVERSION="go1.17.6"
GCCGO="gccgo"
AR="ar"
CC="clang"
CXX="clang++"
CGO_ENABLED="1"
GOMOD="/Users/catena/go/src/github.com/catenacyber/go/src/go.mod"
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -arch x86_64 -m64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -fdebug-prefix-map=/var/folders/pp/dc1dtf9x2js3v0jx_m010nqr0000gn/T/go-build4237848497=/tmp/go-build -gno-record-gcc-switches -fno-common"
GOROOT/bin/go version: go version go1.17.6 darwin/amd64
GOROOT/bin/go tool compile -V: compile version go1.17.6
uname -v: Darwin Kernel Version 21.3.0: Wed Jan  5 21:37:58 PST 2022; root:xnu-8019.80.24~20/RELEASE_X86_64
ProductName:	macOS
ProductVersion:	12.2.1
BuildVersion:	21D62
lldb --version: lldb-1316.0.9.41
Apple Swift version 5.6 (swiftlang-5.6.0.323.62 clang-1316.0.20.8)
gdb --version: GNU gdb (GDB) 9.1

What did you do?

Run https://go.dev/play/p/bZNJUi-_EDA?v=gotip

Bug only affects dev branch, not go 1.18

What did you expect to see?

The program finishing and printing hello

What did you see instead?

panic: runtime error: makeslice: cap out of range

goroutine 1 [running]:
go/doc/comment.wrap({0x595078?, 0x0, 0x0}, 0x50)
	/usr/local/go-faketime/src/go/doc/comment/text.go:293 +0x225
go/doc/comment.(*textPrinter).text(0xc000074e60, 0x0?, {0x0, 0x0}, {0xc000060040?, 0xc000074d88?, 0x40c37f?})
	/usr/local/go-faketime/src/go/doc/comment/text.go:147 +0x148
go/doc/comment.(*textPrinter).block(0xc000074e60, 0x0?, {0x4e1f28?, 0xc000010030?})
	/usr/local/go-faketime/src/go/doc/comment/text.go:89 +0x1ba
go/doc/comment.(*Printer).Text(0xc000074ef0?, 0xc000016390)
	/usr/local/go-faketime/src/go/doc/comment/text.go:46 +0x30d
go/doc.ToText({0x4e1e48, 0xc000016360}, {0x4c7765, 0x34}, {0x0, 0x0}, {0x0, 0x0}, 0x0)
	/usr/local/go-faketime/src/go/doc/comment.go:70 +0x19b
main.main()
	/tmp/sandbox877674824/prog.go:12 +0x55

Found by https://github.com/catenacyber/ngolo-fuzzing on oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47334

Regression range is indicated as a6f6932:2b31abc5286e4f29f934c4123101feabf0f4aaca

@catenacyber catenacyber changed the title affected/package: go/doc: makeslice: cap out of range May 9, 2022
@bcmills bcmills added NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. release-blocker labels May 9, 2022
@bcmills bcmills added this to the Go1.19 milestone May 9, 2022
@bcmills

bcmills commented May 9, 2022

The go/doc/comment package was introduced for #51082, so this is a regression in Go 1.19, which makes it a release-blocker.

@bcmills

bcmills commented May 9, 2022

The crash is on this line:

	d := make([]int, 1, len(words))

That suggests to me that len(words) is (unexpectedly?) 0 for this input.
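
The failure mode described in this thread, reproduced in a self-contained Go program (added example, not code from this issue or from go/doc/comment): a simplified word wrapper `wrapUnsafe` keeps the same allocation shape as the crashing line, `make([]int, 1, len(words))`, so an empty input makes the requested length (1) exceed the requested capacity (0) and the runtime panics with `makeslice: cap out of range`. Because the capacity is not a constant, the compiler cannot reject it; it is caught only at run time. `wrapSafe` adds the empty-input guard that the fix needs. The wrapping logic, function names and `catchPanic` helper are hypothetical and exist only to make the behaviour observable.

```go
package main

import (
	"fmt"
	"strings"
)

// wrapUnsafe mirrors the allocation shape from the stack trace: the result
// slice starts with length 1 (the first line always begins at word 0) while
// its capacity tracks len(words). When words is empty, len (1) > cap (0),
// and make panics with "makeslice: cap out of range" at run time.
// Hypothetical simplified greedy wrapper; returns the word index at which
// each output line starts.
func wrapUnsafe(words []string, width int) []int {
	d := make([]int, 1, len(words)) // d[0] == 0: first line starts at word 0
	cur := 0                        // width used on the current line
	for i, w := range words {
		if i > 0 && cur+1+len(w) > width {
			d = append(d, i) // start a new line before word i
			cur = len(w)
			continue
		}
		if i > 0 {
			cur++ // separating space
		}
		cur += len(w)
	}
	return d
}

// wrapSafe adds the guard the crash calls for: no words, no lines, no
// allocation. Every other input is delegated unchanged.
func wrapSafe(words []string, width int) []int {
	if len(words) == 0 {
		return nil
	}
	return wrapUnsafe(words, width)
}

// catchPanic runs f and returns the panic message, or "" if f returned normally.
func catchPanic(f func()) (msg string) {
	defer func() {
		if r := recover(); r != nil {
			msg = fmt.Sprint(r)
		}
	}()
	f()
	return ""
}

func main() {
	// Constructed sample input.
	words := strings.Fields("the quick brown fox jumps over the lazy dog")
	fmt.Println("line starts:", wrapSafe(words, 15))            // [0 3 6]
	fmt.Println("empty, unsafe:", catchPanic(func() { wrapUnsafe(nil, 15) }))
	fmt.Println("empty, safe:", wrapSafe(nil, 15))               // []
}
```

Running the program prints `runtime error: makeslice: cap out of range` for the unguarded path on empty input, while the guarded path returns nil; on the sample sentence both yield line starts `[0 3 6]`, i.e. "the quick brown", "fox jumps over", "the lazy dog".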

@gopherbot

Change https://go.dev/cl/405215 mentions this issue: go/doc/comment: don't crash if there are no words to wrap

@rsc rsc removed their assignment Jun 22, 2022
@golang golang locked and limited conversation to collaborators Jun 22, 2023