index/suffixarray: panic: runtime error: index out of range #53352

Open
catenacyber opened this issue Jun 13, 2022 · 2 comments
@catenacyber
Contributor

What version of Go are you using (go version)?

$ go version
go version go1.17.6 darwin/amd64

Does this issue reproduce with the latest release?

Yes

What operating system and processor architecture are you using (go env)?

go env Output
$ go env
GO111MODULE=""
GOARCH="amd64"
GOBIN=""
GOCACHE="/Users/catena/Library/Caches/go-build"
GOENV="/Users/catena/Library/Application Support/go/env"
GOEXE=""
GOEXPERIMENT=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="darwin"
GOINSECURE=""
GOMODCACHE="/Users/catena/go/pkg/mod"
GONOPROXY=""
GONOSUMDB=""
GOOS="darwin"
GOPATH="/Users/catena/go"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/usr/local/go"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/usr/local/go/pkg/tool/darwin_amd64"
GOVCS=""
GOVERSION="go1.17.6"
GCCGO="gccgo"
AR="ar"
CC="clang"
CXX="clang++"
CGO_ENABLED="1"
GOMOD="/Users/catena/go/src/github.com/catenacyber/go/src/go.mod"
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -arch x86_64 -m64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -fdebug-prefix-map=/var/folders/pp/dc1dtf9x2js3v0jx_m010nqr0000gn/T/go-build4237848497=/tmp/go-build -gno-record-gcc-switches -fno-common"
GOROOT/bin/go version: go version go1.17.6 darwin/amd64
GOROOT/bin/go tool compile -V: compile version go1.17.6
uname -v: Darwin Kernel Version 21.3.0: Wed Jan  5 21:37:58 PST 2022; root:xnu-8019.80.24~20/RELEASE_X86_64
ProductName:	macOS
ProductVersion:	12.2.1
BuildVersion:	21D62
lldb --version: lldb-1316.0.9.41
Apple Swift version 5.6 (swiftlang-5.6.0.323.62 clang-1316.0.20.8)
gdb --version: GNU gdb (GDB) 9.1

What did you do?

https://go.dev/play/p/Gk-DGnODS1Y

Another variant
https://go.dev/play/p/sr0X0MsAcQ0

ends with panic: runtime error: slice bounds out of range [10:1]

What did you expect to see?

The program finishing and printing Hello

What did you see instead?

panic: runtime error: index out of range [25] with length 25

goroutine 1 [running]:
index/suffixarray.(*ints).set(...)
	/usr/local/go-faketime/src/index/suffixarray/suffixarray.go:61
index/suffixarray.readSlice({0x4bd108, 0xc0000a01e0}, {0xc0000c4000, 0x4000, 0x4000}, {{0xc0000ca000, 0x19, 0x19}, {0x0, 0x0, ...}})
	/usr/local/go-faketime/src/index/suffixarray/suffixarray.go:145 +0x290
index/suffixarray.(*Index).Read(0xc0000be000, {0x4bd108, 0xc0000a01e0})
	/usr/local/go-faketime/src/index/suffixarray/suffixarray.go:195 +0x432
main.main()
	/tmp/sandbox4264139982/prog.go:13 +0xf3

Program exited.

Found by https://github.com/catenacyber/ngolo-fuzzing on oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47954

cf. #52120, but there is no error to be caught here, right?

@gopherbot

Change https://go.dev/cl/411995 mentions this issue: index/suffixarray: fix index out of range when reading malformed indexes

@seankhliao seankhliao added the NeedsFix The path to resolution is known, but the work has not been done. label Jun 15, 2022
@foadmom

foadmom commented Aug 1, 2022

I think the code fails because index.Read uses binary.Varint(buf) to calculate the length of the io.Reader's buffer by reading the first 10 bytes as if the first 10 bytes of the buffer contain the length of the buffer. It is a shame that io.Reader has no calls to return the buffer so that len can be called against the io.Reader's buffer.
On the other hand, I might have misunderstood the code completely.

@seankhliao seankhliao added this to the Unplanned milestone Aug 20, 2022
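
Added example, not part of the issue thread or of the Go project's code: one way for a caller to load a serialized index from untrusted input while this issue is open. `SafeRead`, `Malformed` and the `maxLen` limit are hypothetical names chosen for this sketch; the malformed bytes are constructed to hit the `slice bounds out of range [10:1]` variant reported above.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
	"index/suffixarray"
	"io"
)

// SafeRead (hypothetical helper) loads a serialized suffixarray.Index from
// untrusted input and turns a panic inside Index.Read into an ordinary error.
func SafeRead(r io.Reader, maxLen int64) (idx *suffixarray.Index, err error) {
	// The serialized form starts with the data length as a 10-byte varint field.
	var hdr [binary.MaxVarintLen64]byte
	if _, err = io.ReadFull(r, hdr[:]); err != nil {
		return nil, fmt.Errorf("suffixarray header: %w", err)
	}
	// Read sizes its buffers from this value, and recover cannot undo an
	// out-of-memory failure, so bound it before calling Read.
	if n, w := binary.Varint(hdr[:]); w <= 0 || n < 0 || n > maxLen {
		return nil, errors.New("suffixarray header: length invalid or above limit")
	}
	defer func() {
		if p := recover(); p != nil {
			idx, err = nil, fmt.Errorf("malformed suffixarray index: %v", p)
		}
	}()
	idx = new(suffixarray.Index)
	// Replay the header bytes already consumed, then the rest of the stream.
	if err = idx.Read(io.MultiReader(bytes.NewReader(hdr[:]), r)); err != nil {
		return nil, err
	}
	return idx, nil
}

// Malformed returns a constructed input: data length 1, one data byte, then a
// chunk header claiming size 1, which is smaller than the 10-byte header itself.
func Malformed() []byte {
	b := make([]byte, 2*binary.MaxVarintLen64+1)
	binary.PutVarint(b[0:], 1)  // data length
	b[10] = 'a'                 // the single data byte
	binary.PutVarint(b[11:], 1) // chunk size field
	return b
}

func main() {
	_, err := SafeRead(bytes.NewReader(Malformed()), 1<<20)
	fmt.Println("malformed input:", err)
}
```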