Slice bounds out of range #243

Closed
@dholbach

From Ada Logics

An issue was found by the FuzzUpdateWithSetters fuzzer of the image-automation-controller. The following stack trace is produced after a few minutes of fuzzing:

```
panic: runtime error: slice bounds out of range [:-4]
goroutine 17 [running, locked to thread]:
github.com/fluxcd/image-automation-controller/pkg/update.UpdateWithSetters(0x2704df0, 0x3bd17d0, 0xc0001b70b0, 0x17, 0xc0001b7188, 0x17, 0xc00034f680, 0x1, 0x1,0x0, ...)
        /image-automation-controller/pkg/update/setters.go:162 +0x12e9
github.com/fluxcd/image-automation-controller/controllers.FuzzUpdateWithSetters(0x5922c00, 0x17f, 0x17f, 0x0)
        /image-automation-controller/controllers/fuzz.go:388 +0x65b
main.LLVMFuzzerTestOneInput(0x5922c00, 0x17f, 0x4b0001)
        github.com/fluxcd/image-automation-controller/controllers/go.fuzz.main/main.go:35 +0x66
==8== ERROR: libFuzzer: deadly signal
    #0 0x4b20d0 in __sanitizer_print_stack_trace (/fuzzers/FuzzUpdateWithSetters+0x4b20d0)
    #1 0x45da28 in fuzzer::PrintStackTrace() (/fuzzers/FuzzUpdateWithSetters+0x45da28)
    #2 0x443a63 in fuzzer::Fuzzer::CrashCallback() (/fuzzers/FuzzUpdateWithSetters+0x443a63)
    #3 0x7fd3900c38df (/lib/x86_64-linux-gnu/libpthread.so.0+0x138df)
    #4 0x521ca0 in runtime.raise runtime/sys_linux_amd64.s:163

NOTE: libFuzzer has rudimentary signal handlers.
      Combine libFuzzer with AddressSanitizer or similar for better crash reports.
SUMMARY: libFuzzer: deadly signal
MS: 2 CrossOver-InsertByte-; base unit: a00037129c43765719c94c4c994e5652daa461b8 artifact_prefix='./'; Test unit written to ./crash-e93c32a8ad39fe95da43be27e31c5fb4d720efb9
```

The issue is present on this line:

```go
name := image[:len(image)-len(tag)-1]
```

Recommendation

This issue can be mitigated by checking the length of image and tag.

In addition, consider recovering runtime errors to prevent recoverable panics from crashing the controller.
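
The two recommendations above, sketched as an added example; this is not code from the issue or from the image-automation-controller. The names `imageName`, `unchecked` and `safely` are hypothetical, the inputs are constructed, and the suffix check is an extra assumption about what the slice is meant to strip.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

var errBadImageTag = errors.New("tag does not fit at the end of image")

// imageName (hypothetical) applies the length check before slicing.
// Assumption: image is expected to end in a one-byte separator plus tag.
func imageName(image, tag string) (string, error) {
	end := len(image) - len(tag) - 1
	if end < 0 || !strings.HasSuffix(image, tag) {
		return "", errBadImageTag
	}
	return image[:end], nil
}

// unchecked is the slice expression quoted in the report, unchanged.
func unchecked(image, tag string) string {
	return image[:len(image)-len(tag)-1]
}

// safely (hypothetical) turns a runtime panic raised by fn into an error,
// so one bad input does not take the whole process down.
func safely(fn func() string) (out string, err error) {
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("recovered: %v", r)
		}
	}()
	return fn(), nil
}

func main() {
	// Constructed inputs: one well-formed, one where tag is longer than image.
	fmt.Println(imageName("repo/app:v1.0.0", "v1.0.0"))
	fmt.Println(imageName("a", "1.00"))
	fmt.Println(safely(func() string { return unchecked("a", "1.00") }))
}
```

The length check is the actual fix; the `recover` wrapper is only a backstop for bounds errors that were not anticipated.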
