x/vuln/vulncheck/internal/binscan: TestCommand failures #55218

Closed
gopherbot opened this issue Sep 20, 2022 · 4 comments

@gopherbot

#!watchflakes
post <- pkg == "golang.org/x/vuln/vulncheck/internal/binscan" && test == "TestCommand"

Bug automatically created to track these flakes.

— watchflakes

@gopherbot gopherbot added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label Sep 20, 2022
@gopherbot
Author

gopherbot commented Sep 20, 2022

Found new matching flaky dashboard failures for:

#!watchflakes
post <- pkg == "golang.org/x/vuln/vulncheck/internal/binscan" && test == "TestCommand"
2022-09-02 21:14 illumos-amd64 vuln@27dd78d2 go@8fd20736 golang.org/x/vuln/vulncheck/internal/binscan.TestCommand (log)
--- FAIL: TestCommand (40.77s)
    cmdtest.go:444: $ govulncheck /var/tmp/workdir-host-illumos-amd64-jclulow/tmp/buildtest868712808/novuln
    --- FAIL: TestCommand/testdata/default-binary (1.38s)
        cmdtest.go:320: testdata/default-binary.ct:4: "govulncheck ${novuln_binary}" failed with exit status 2. Output:
            govulncheck is an experimental tool. Share feedback at https://go.dev/s/govulncheck-feedback.

            Scanning for dependencies with known vulnerabilities...
            panic: runtime error: slice bounds out of range [983050:429704]

            goroutine 1 [running]:
...
    --- FAIL: TestCommand/testdata/json-binary (0.68s)
        cmdtest.go:320: testdata/json-binary.ct:1: "govulncheck -json ${novuln_binary}" failed with exit status 2. Output:
            panic: runtime error: slice bounds out of range [983050:429704]

            goroutine 1 [running]:
            golang.org/x/vuln/vulncheck/internal/gosym.(*LineTable).funcName(0xc0000ba900, 0xf000a)
            	.../pclntab.go:450 +0x18a
            golang.org/x/vuln/vulncheck/internal/gosym.(*LineTable).InlineTree(0xc0000ba900, 0xc00009fb78, 0x9?, 0x7?, {0x927120?, 0xc000025800})
            	.../pclntab.go:179 +0x1ec
            golang.org/x/vuln/vulncheck/internal/binscan.ExtractPackagesAndSymbols({0x927420, 0xc000014078})
...
          A maliciously crafted path can cause Get and other query functions to consume excessive amounts of CPU and time.
          Found in: github.com/tidwall/gjson@v1.9.2
          Fixed in: github.com/tidwall/gjson@v1.9.3
          More info: https://pkg.go.dev/vuln/GO-2022-0592

        Vulnerability #2: GO-2021-0265
          GJSON allowed a ReDoS (regular expression denial of service) attack.
          Found in: github.com/tidwall/gjson@v1.9.2
          Fixed in: github.com/tidwall/gjson@v1.9.3
          More info: https://pkg.go.dev/vuln/GO-2021-0265

watchflakes

@gopherbot gopherbot added this to the Unreleased milestone Sep 20, 2022
@rsc
Contributor

rsc commented Sep 20, 2022

Stopped.

@rsc rsc closed this as completed Sep 20, 2022
@gopherbot gopherbot changed the title x/vuln/vulncheck/internal/binscan: flaky TestCommand x/vuln/vulncheck/internal/binscan: TestCommand failures Sep 20, 2022
@gopherbot gopherbot reopened this Feb 6, 2023
@gopherbot
Author

Found new dashboard test flakes for:

#!watchflakes
post <- pkg == "golang.org/x/vuln/vulncheck/internal/binscan" && test == "TestCommand"
2023-02-01 22:29 windows-arm64-11 vuln@4c848edc go@103f3749 x/vuln/vulncheck/internal/binscan.TestCommand (log)
C:\workdir\gopath\pkg\mod\github.com\tidwall\pretty@v1.2.0\pretty.go:4:2: package bytes is not in GOROOT (C:\workdir\go\src\bytes)
C:\workdir\gopath\pkg\mod\github.com\tidwall\gjson@v1.9.2\gjson.go:5:2: package encoding/json is not in GOROOT (C:\workdir\go\src\encoding\json)
C:\workdir\gopath\pkg\mod\github.com\tidwall\gjson@v1.9.2\gjson.go:13:2: open C:\workdir\gocache\68\689fb624bc6555c23396a05a43943fb1b2760b91fbe0e27614574e8d8294b273-d: The system cannot find the path specified.
C:\workdir\go\src\runtime\error.go:7:8: package internal/bytealg is not in GOROOT (C:\workdir\go\src\internal\bytealg)
C:\workdir\go\src\runtime\alg.go:8:2: package internal/cpu is not in GOROOT (C:\workdir\go\src\internal\cpu)
C:\workdir\go\src\runtime\mgcpacer.go:9:2: package internal/goexperiment is not in GOROOT (C:\workdir\go\src\internal\goexperiment)
C:\workdir\go\src\runtime\extern.go:224:2: package internal/goos is not in GOROOT (C:\workdir\go\src\internal\goos)
C:\workdir\go\src\os\exec_posix.go:10:2: package internal/itoa is not in GOROOT (C:\workdir\go\src\internal\itoa)
C:\workdir\go\src\errors\wrap.go:8:2: package internal/reflectlite is not in GOROOT (C:\workdir\go\src\internal\reflectlite)
C:\workdir\go\src\fmt\print.go:9:2: package io is not in GOROOT (C:\workdir\go\src\io)
C:\workdir\go\src\math\fma.go:7:8: package math/bits is not in GOROOT (C:\workdir\go\src\math\bits)
C:\workdir\go\src\internal\fmtsort\sort.go:12:2: package reflect is not in GOROOT (C:\workdir\go\src\reflect)
C:\workdir\go\src\internal\fmtsort\sort.go:13:2: package sort is not in GOROOT (C:\workdir\go\src\sort)
C:\workdir\go\src\internal\syscall\windows\syscall_windows.go:8:2: package sync is not in GOROOT (C:\workdir\go\src\sync)
C:\workdir\go\src\internal\syscall\windows\net_windows.go:8:2: package syscall is not in GOROOT (C:\workdir\go\src\syscall)
C:\workdir\go\src\strings\strings.go:12:2: package unicode is not in GOROOT (C:\workdir\go\src\unicode)
C:\workdir\go\src\internal\poll\fd_windows.go:15:2: package unicode/utf8 is not in GOROOT (C:\workdir\go\src\unicode\utf8)
--- FAIL: TestCommand (4.84s)
    buildtest.go:78: exit status 1

watchflakes

@gopherbot gopherbot added the vulncheck or vulndb Issues for the x/vuln or x/vulndb repo label Feb 6, 2023
@zpavlinovic zpavlinovic self-assigned this Sep 27, 2023
@zpavlinovic
Contributor

Stopped.
