Skip to content

x/vuln: "panic: interface conversion: types.Type is *types.Interface, not *types.Array" #59754

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
alexeykiselev opened this issue Apr 21, 2023 · 7 comments
Closed

x/vuln: "panic: interface conversion: types.Type is *types.Interface, not *types.Array" #59754

alexeykiselev opened this issue Apr 21, 2023 · 7 comments
Assignees
@zpavlinovic
Labels
FrozenDueToAge NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. vulncheck or vulndb Issues for the x/vuln or x/vulndb repo
Milestone
vuln/v0.2.0

Comments

@alexeykiselev
Copy link

What version of Go are you using (go version)?

$ go version
go version go1.20.3 darwin/amd64

Does this issue reproduce at the latest version of golang.org/x/vuln?

Yes, the version is v0.0.0-20230420164154-4183d94fd335.

What operating system and processor architecture are you using (go env)?

go env Output
$ go env

GO111MODULE=""

GOARCH="amd64"

GOBIN="/Users/alexeykiselev/go/bin"

GOCACHE="/Users/alexeykiselev/Library/Caches/go-build"

GOENV="/Users/alexeykiselev/Library/Application Support/go/env"

GOEXE=""

GOEXPERIMENT=""

GOFLAGS=""

GOHOSTARCH="amd64"

GOHOSTOS="darwin"

GOINSECURE=""

GOMODCACHE="/Users/alexeykiselev/go/pkg/mod"

GONOPROXY=""

GONOSUMDB=""

GOOS="darwin"

GOPATH="/Users/alexeykiselev/go"

GOPRIVATE=""

GOPROXY="https://proxy.golang.org,direct"

GOROOT="/usr/local/opt/go/libexec"

GOSUMDB="sum.golang.org"

GOTMPDIR=""

GOTOOLDIR="/usr/local/opt/go/libexec/pkg/tool/darwin_amd64"

GOVCS=""

GOVERSION="go1.20.3"

GCCGO="gccgo"

GOAMD64="v1"

AR="ar"

CC="cc"

CXX="c++"

CGO_ENABLED="1"

GOMOD="/dev/null"

GOWORK=""

CGO_CFLAGS="-O2 -g"

CGO_CPPFLAGS=""

CGO_CXXFLAGS="-O2 -g"

CGO_FFLAGS="-O2 -g"

CGO_LDFLAGS="-O2 -g"

PKG_CONFIG="pkg-config"

GOGCCFLAGS="-fPIC -arch x86_64 -m64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -fdebug-prefix-map=/var/folders/cl/l92tcvwd0vz1wx2mwp9v468r0000gn/T/go-build2991959473=/tmp/go-build -gno-record-gcc-switches -fno-common"

What did you do?

  1. Update govulncheck.
go install golang.org/x/vuln/cmd/govulncheck@latest
go: downloading golang.org/x/vuln v0.0.0-20230420164154-4183d94fd335
  1. Checkout project gowaves.
git clone https://github.com/wavesplatform/gowaves.git
  1. Run govulncheck.
cd gowaves
govulncheck ./...

What did you expect to see?

Successful execution.

What did you see instead?

govulncheck is an experimental tool. Share feedback at https://go.dev/s/govulncheck-feedback.

Using go1.20.3 and govulncheck@v0.0.0 with
vulnerability data from https://vuln.go.dev (last modified 2023-04-18 21:32:26 +0000 UTC).

Scanning your code and 555 packages across 93 dependent modules for known vulnerabilities...
panic: interface conversion: types.Type is *types.Interface, not *types.Array

goroutine 9011 [running]:
golang.org/x/tools/go/callgraph/vta.sliceArrayElem({0x164ed98, 0xc06732bac0})
	/Users/alexeykiselev/go/pkg/mod/golang.org/x/tools@v0.7.0/go/callgraph/vta/utils.go:126 +0x185
golang.org/x/tools/go/callgraph/vta.(*builder).indexAddr(0xc06c0bfc08?, 0xc0673502a0)
	/Users/alexeykiselev/go/pkg/mod/golang.org/x/tools@v0.7.0/go/callgraph/vta/graph.go:486 +0x38
golang.org/x/tools/go/callgraph/vta.(*builder).instr(0xc06c0bfaf0?, {0x1652978?, 0xc0673502a0?})
	/Users/alexeykiselev/go/pkg/mod/golang.org/x/tools@v0.7.0/go/callgraph/vta/graph.go:358 +0x2cd
golang.org/x/tools/go/callgraph/vta.(*builder).fun(...)
	/Users/alexeykiselev/go/pkg/mod/golang.org/x/tools@v0.7.0/go/callgraph/vta/graph.go:300
golang.org/x/tools/go/callgraph/vta.(*builder).visit(0xc06c0bfc08, 0x50?)
	/Users/alexeykiselev/go/pkg/mod/golang.org/x/tools@v0.7.0/go/callgraph/vta/graph.go:292 +0x1bf
golang.org/x/tools/go/callgraph/vta.typePropGraph(...)
	/Users/alexeykiselev/go/pkg/mod/golang.org/x/tools@v0.7.0/go/callgraph/vta/graph.go:266
golang.org/x/tools/go/callgraph/vta.CallGraph(0xc06c0bfee0?, 0xc04f645040)
	/Users/alexeykiselev/go/pkg/mod/golang.org/x/tools@v0.7.0/go/callgraph/vta/vta.go:75 +0xe5
golang.org/x/vuln/internal/vulncheck.callGraph({0x1651180, 0xc000b12c30}, 0xc010ef0540, {0xc02b966000, 0x1628, 0x0?})
	/Users/alexeykiselev/go/pkg/mod/golang.org/x/vuln@v0.0.0-20230420164154-4183d94fd335/internal/vulncheck/utils.go:80 +0x23e
golang.org/x/vuln/internal/vulncheck.Source.func1()
	/Users/alexeykiselev/go/pkg/mod/golang.org/x/vuln@v0.0.0-20230420164154-4183d94fd335/internal/vulncheck/source.go:80 +0xf5
created by golang.org/x/vuln/internal/vulncheck.Source
	/Users/alexeykiselev/go/pkg/mod/golang.org/x/vuln@v0.0.0-20230420164154-4183d94fd335/internal/vulncheck/source.go:76 +0x3e5

Also project's GitHub Action fails with the same error, but different version of govulncheck:

go: downloading golang.org/x/vuln v0.0.0-20230419231234-ceb2c82124a6
govulncheck is an experimental tool. Share feedback at https://go.dev/s/govulncheck-feedback.

Using go1.19.8 and govulncheck@v0.0.0 with
vulnerability data from https://vuln.go.dev/ (last modified 2023-04-18 21:32:26 +0000 UTC).

Scanning your code and 554 packages across 93 dependent modules for known vulnerabilities...
panic: interface conversion: types.Type is *types.Interface, not *types.Array

goroutine 8928 [running]:
golang.org/x/tools/go/callgraph/vta.sliceArrayElem({0xa40290, 0xc0674ad440})
	/home/runner/go/pkg/mod/golang.org/x/tools@v0.7.0/go/callgraph/vta/utils.go:126 +0x1bd
golang.org/x/tools/go/callgraph/vta.(*builder).indexAddr(0xc08be1dc08?, 0xc0674ccba0)
	/home/runner/go/pkg/mod/golang.org/x/tools@v0.7.0/go/callgraph/vta/graph.go:486 +0x38
golang.org/x/tools/go/callgraph/vta.(*builder).instr(0xc08be1daf0?, {0xa443b8?, 0xc0674ccba0?})
	/home/runner/go/pkg/mod/golang.org/x/tools@v0.7.0/go/callgraph/vta/graph.go:358 +0x165
golang.org/x/tools/go/callgraph/vta.(*builder).fun(...)
	/home/runner/go/pkg/mod/golang.org/x/tools@v0.7.0/go/callgraph/vta/graph.go:300
golang.org/x/tools/go/callgraph/vta.(*builder).visit(0xc08be1dc08, 0xf?)
	/home/runner/go/pkg/mod/golang.org/x/tools@v0.7.0/go/callgraph/vta/graph.go:292 +0x1e5
golang.org/x/tools/go/callgraph/vta.typePropGraph(...)
	/home/runner/go/pkg/mod/golang.org/x/tools@v0.7.0/go/callgraph/vta/graph.go:266
golang.org/x/tools/go/callgraph/vta.CallGraph(0xc08be1dee0?, 0xc03febee40)
	/home/runner/go/pkg/mod/golang.org/x/tools@v0.7.0/go/callgraph/vta/vta.go:75 +0xe5
golang.org/x/vuln/internal/vulncheck.callGraph({0xa42838, 0xc013b3b340}, 0xc049909680, {0xc000c96000, 0x1628, 0x0?})
	/home/runner/go/pkg/mod/golang.org/x/vuln@v0.0.0-20230419231234-ceb2c82124a6/internal/vulncheck/utils.go:80 +0x23e
golang.org/x/vuln/internal/vulncheck.Source.func1()
	/home/runner/go/pkg/mod/golang.org/x/vuln@v0.0.0-20230419231234-ceb2c82124a6/internal/vulncheck/source.go:80 +0xf5
created by golang.org/x/vuln/internal/vulncheck.Source
	/home/runner/go/pkg/mod/golang.org/x/vuln@v0.0.0-20230419231234-ceb2c82124a6/internal/vulncheck/source.go:76 +0x3db
Error: Process completed with exit code 2.
@alexeykiselev alexeykiselev added the vulncheck or vulndb Issues for the x/vuln or x/vulndb repo label Apr 21, 2023
@gopherbot gopherbot modified the milestones: Unreleased, vuln/unplanned Apr 21, 2023
@prattmic prattmic changed the title x/vuln: Return of #57174 "panic: interface conversion: types.Type is *types.Interface, not *types.Array" x/vuln: "panic: interface conversion: types.Type is *types.Interface, not *types.Array" Apr 21, 2023
@prattmic
Copy link
Member

Similar to #57174.

cc @golang/vulndb

@prattmic prattmic added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label Apr 21, 2023
@zpavlinovic zpavlinovic self-assigned this Apr 21, 2023
@julieqiu julieqiu modified the milestones: vuln/unplanned, vuln/v0.2.0 Apr 21, 2023
@zpavlinovic
Copy link
Contributor

zpavlinovic commented Apr 27, 2023
edited
Loading

I was not able to reproduce the issue. Do you still experience the issue on the most recent version of govulncheck?

@alexeykiselev
Copy link
Author

Yes, it is still reproducible, but now it only fails on go version 1.20; on 1.19, it does not fail.

❯ govulncheck ./...
govulncheck is an experimental tool. Share feedback at https://go.dev/s/govulncheck-feedback.

Using go1.20.3 and govulncheck@v0.0.0 with
vulnerability data from https://vuln.go.dev (last modified 2023-04-18 21:32:26 +0000 UTC).

Scanning your code and 555 packages across 93 dependent modules for known vulnerabilities...
panic: interface conversion: types.Type is *types.Interface, not *types.Array

goroutine 9028 [running]:
golang.org/x/tools/go/callgraph/vta.sliceArrayElem({0x164f8d8, 0xc052ecc8a0})
	/Users/alexeykiselev/go/pkg/mod/golang.org/x/tools@v0.8.1-0.20230421161920-b9619ee54b47/go/callgraph/vta/utils.go:126 +0x185
golang.org/x/tools/go/callgraph/vta.(*builder).indexAddr(0xc058a3fc08?, 0xc052ec5d40)
	/Users/alexeykiselev/go/pkg/mod/golang.org/x/tools@v0.8.1-0.20230421161920-b9619ee54b47/go/callgraph/vta/graph.go:486 +0x38
golang.org/x/tools/go/callgraph/vta.(*builder).instr(0xc058a3faf0?, {0x16534b8?, 0xc052ec5d40?})
	/Users/alexeykiselev/go/pkg/mod/golang.org/x/tools@v0.8.1-0.20230421161920-b9619ee54b47/go/callgraph/vta/graph.go:358 +0x2cd
golang.org/x/tools/go/callgraph/vta.(*builder).fun(...)
	/Users/alexeykiselev/go/pkg/mod/golang.org/x/tools@v0.8.1-0.20230421161920-b9619ee54b47/go/callgraph/vta/graph.go:300
golang.org/x/tools/go/callgraph/vta.(*builder).visit(0xc058a3fc08, 0x50?)
	/Users/alexeykiselev/go/pkg/mod/golang.org/x/tools@v0.8.1-0.20230421161920-b9619ee54b47/go/callgraph/vta/graph.go:292 +0x1bf
golang.org/x/tools/go/callgraph/vta.typePropGraph(...)
	/Users/alexeykiselev/go/pkg/mod/golang.org/x/tools@v0.8.1-0.20230421161920-b9619ee54b47/go/callgraph/vta/graph.go:266
golang.org/x/tools/go/callgraph/vta.CallGraph(0xc058a3fee0?, 0xc06f3a7e70)
	/Users/alexeykiselev/go/pkg/mod/golang.org/x/tools@v0.8.1-0.20230421161920-b9619ee54b47/go/callgraph/vta/vta.go:75 +0xe5
golang.org/x/vuln/internal/vulncheck.callGraph({0x1651cc0, 0xc0428b2690}, 0xc03b21afc0, {0xc06f3c0000, 0x1628, 0xc000202000?})
	/Users/alexeykiselev/go/pkg/mod/golang.org/x/vuln@v0.1.0/internal/vulncheck/utils.go:80 +0x23e
golang.org/x/vuln/internal/vulncheck.Source.func1()
	/Users/alexeykiselev/go/pkg/mod/golang.org/x/vuln@v0.1.0/internal/vulncheck/source.go:77 +0xf5
created by golang.org/x/vuln/internal/vulncheck.Source
	/Users/alexeykiselev/go/pkg/mod/golang.org/x/vuln@v0.1.0/internal/vulncheck/source.go:73 +0x385

This is from our GitHub Action task https://github.com/wavesplatform/gowaves/actions/runs/4818244461/jobs/8579970029?pr=1082

Run go install golang.org/x/vuln/cmd/govulncheck@latest && govulncheck ./...
go: downloading golang.org/x/vuln v0.1.0
go: downloading golang.org/x/mod v0.10.0
go: downloading golang.org/x/tools v0.8.1-0.20230421161920-b9619ee54b47
govulncheck is an experimental tool. Share feedback at https://go.dev/s/govulncheck-feedback.

Using go1.19.8 and govulncheck@v0.0.0 with
vulnerability data from https://vuln.go.dev/ (last modified 2023-04-18 21:32:26 +0000 UTC).

Scanning your code and 554 packages across 93 dependent modules for known vulnerabilities...
No vulnerabilities found.

@zpavlinovic
Copy link
Contributor

zpavlinovic commented Apr 28, 2023
edited
Loading

As far as I understand, your local GOOS is darwin. What about the Github Action?

@alexeykiselev
Copy link
Author

It's ubuntu-latest, which, as I understand, is Ubuntu 22.04.

@gopherbot
Copy link
Contributor

Change https://go.dev/cl/492815 mentions this issue: go/callgraph/vta: allow pointer to type parameter in sliceArrayElem

@gopherbot
Copy link
Contributor

Change https://go.dev/cl/492739 mentions this issue: go/callgraph/vta: allow pointer to type parameter in sliceArrayElem

@golang golang locked and limited conversation to collaborators May 4, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@zpavlinovic zpavlinovic

Labels
FrozenDueToAge NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. vulncheck or vulndb Issues for the x/vuln or x/vulndb repo
Projects
None yet
Milestone
vuln/v0.2.0
Development

No branches or pull requests
5 participants
@alexeykiselev @zpavlinovic @prattmic @julieqiu @gopherbot