debug/buildinfo: index out of range in buildinfo.Read #57002

Closed
catenacyber opened this issue Nov 30, 2022 · 4 comments
Labels
FrozenDueToAge help wanted NeedsFix The path to resolution is known, but the work has not been done.
@catenacyber
Contributor

What version of Go are you using (go version)?

$ go version
go version go1.19 linux/amd64

Does this issue reproduce with the latest release?

Yes

What operating system and processor architecture are you using (go env)?

go env Output
$ go env
GO111MODULE=""
GOARCH="amd64"
GOBIN=""
GOCACHE="/root/.cache/go-build"
GOENV="/root/.config/go/env"
GOEXE=""
GOEXPERIMENT=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOINSECURE=""
GOMODCACHE="/root/go/pkg/mod"
GONOPROXY=""
GONOSUMDB=""
GOOS="linux"
GOPATH="/root/go"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/root/.go"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/root/.go/pkg/tool/linux_amd64"
GOVCS=""
GOVERSION="go1.19"
GCCGO="gccgo"
GOAMD64="v1"
AR="ar"
CC="clang"
CXX="clang++"
CGO_ENABLED="1"
GOMOD="/src/ngolo-fuzzing/go.mod"
GOWORK=""
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fno-caret-diagnostics -Qunused-arguments -Wl,--no-gc-sections -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build2481516251=/tmp/go-build -gno-record-gcc-switches"

What did you do?

Run https://go.dev/play/p/zg9wqIx_kNC

What did you expect to see?

The program finishing and printing Hello

What did you see instead?

panic: runtime error: slice bounds out of range [238:144]

goroutine 1 [running]:
debug/buildinfo.readRawBuildInfo({0x4f1488, 0xc0000a0240})
	/usr/local/go-faketime/src/debug/buildinfo/buildinfo.go:192 +0x7ed
debug/buildinfo.Read({0x4f1488?, 0xc0000a0240?})
	/usr/local/go-faketime/src/debug/buildinfo/buildinfo.go:74 +0x27
main.main()
	/tmp/sandbox2705974307/prog.go:12 +0x98

Program exited.

Found by https://github.com/catenacyber/ngolo-fuzzing with oss-fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53843

@catenacyber
Contributor Author

catenacyber commented Nov 30, 2022

https://go.dev/play/p/53KWe0RLvLY may be another reproducer from https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53831

Output is

panic: runtime error: index out of range [7] with length 1

goroutine 1 [running]:
encoding/binary.bigEndian.Uint64(...)
	/usr/local/go-faketime/src/encoding/binary/binary.go:179
debug/buildinfo.readRawBuildInfo({0x4f1488, 0xc000016270})
	/usr/local/go-faketime/src/debug/buildinfo/buildinfo.go:192 +0x696
debug/buildinfo.Read({0x4f1488?, 0xc000016270?})
	/usr/local/go-faketime/src/debug/buildinfo/buildinfo.go:74 +0x27
main.main()
	/tmp/sandbox3219282313/prog.go:12 +0x98

Program exited.

@bcmills bcmills added help wanted NeedsFix The path to resolution is known, but the work has not been done. labels Nov 30, 2022
@bcmills bcmills added this to the Backlog milestone Nov 30, 2022
@nikola-jokic
Contributor

Hey @bcmills, can I give it a try?

@bcmills
Contributor

bcmills commented Nov 30, 2022

Sure! Just don't forget to add a regression test. 🙃

@gopherbot
Contributor

Change https://go.dev/cl/454616 mentions this issue: debug/buildinfo: check pointer size on buildinfo.Read
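
The kind of check the change title above names, as an added example that is not the Go project's code and not part of this thread: a bounds-safe parse of a build info header that rejects any file-supplied pointer size other than 4 or 8 instead of using it as a slice offset. The header layout and the names parseHeader, sampleHeader and errBadHeader are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
)

// Layout assumed from Go's debug/buildinfo source comments, not from this issue:
// magic (14 bytes), pointer size at [14], flags at [15] (1 = big endian, 2 = inline strings).
var magic = []byte("\xff Go buildinf:")

var errBadHeader = errors.New("malformed build info header")

// parseHeader (hypothetical helper) validates untrusted bytes before indexing;
// inline means the strings follow the header and no pointers are read.
func parseHeader(data []byte) (vers, mod uint64, inline bool, err error) {
	if len(data) < 32 || !bytes.HasPrefix(data, magic) {
		return 0, 0, false, errBadHeader
	}
	if data[15]&2 != 0 {
		return 0, 0, true, nil
	}
	var bo binary.ByteOrder = binary.LittleEndian
	if data[15]&1 != 0 {
		bo = binary.BigEndian
	}
	// The pointer size comes from the file: accept only 4 or 8, never use it as an offset.
	switch data[14] {
	case 4:
		return uint64(bo.Uint32(data[16:])), uint64(bo.Uint32(data[20:])), false, nil
	case 8:
		return bo.Uint64(data[16:]), bo.Uint64(data[24:]), false, nil
	}
	return 0, 0, false, fmt.Errorf("%w: pointer size %d", errBadHeader, data[14])
}

// sampleHeader builds a constructed 32-byte little-endian header for the demo.
func sampleHeader(ptrSize byte) []byte {
	h := append(append([]byte{}, magic...), ptrSize, 0) // flags 0: pointer format
	h = binary.LittleEndian.AppendUint64(h, 0x1000)
	return binary.LittleEndian.AppendUint64(h, 0x2000)
}

func main() {
	fmt.Println(parseHeader(sampleHeader(8)))
	fmt.Println(parseHeader(sampleHeader(222)))
}
```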

@golang golang locked and limited conversation to collaborators Dec 12, 2023