Semgrep 0.72.0 tries to analyze .png files and crashes #4258

Closed
1 of 3 tasks
IagoAbal opened this issue Nov 11, 2021 · 4 comments · Fixed by #4272
Labels: bug (Something isn't working), priority:high (Issue requires immediate attention)

Comments

@IagoAbal
Collaborator

IagoAbal commented Nov 11, 2021

Describe the bug
Semgrep 0.72.0 tries to analyze .png and other binary files and then crashes with Pcre.Error(BadUTF8):
https://r2c-community.slack.com/archives/C0242656NQ2/p1636567860034600. Affects paying customers.

To Reproduce
This can be reproduced on this public repo https://github.com/RecordReplay/devtools/, see https://github.com/RecordReplay/devtools/runs/4169052484?check_suite_focus=true#step:4:19

What is the priority of the bug to you?

  • P0: blocking your adoption of Semgrep or workflow
  • P1: important to fix or quite annoying
  • P2: regular bug that should get fixed

IagoAbal added the bug and priority:high labels Nov 11, 2021
IagoAbal added a commit to semgrep/semgrep-action that referenced this issue Nov 11, 2021
There is a serious bug in 0.72.0 that causes Semgrep to analyze .png and
other binary files, and crash with Pcre.Error(BadUTF8). This affects
paying customers. Rolling back to 0.71.0 until this is fixed.

Related-to: semgrep/semgrep#4258
IagoAbal added a commit to semgrep/semgrep-action that referenced this issue Nov 11, 2021
There is a serious bug in 0.72.0 that causes Semgrep to analyze .png and
other binary files, and crash with Pcre.Error(BadUTF8). This affects
paying customers. Rolling back to 0.71.0 until this is fixed.

Related-to: semgrep/semgrep#4258
@IagoAbal
Collaborator Author

cc @mjambon

@IagoAbal
Collaborator Author

cc @brendongo @mmcqd

@jayvdb

jayvdb commented Nov 12, 2021

I encountered this on 0.72 with zips, tar.gz, .eot, .ttf, .woff(2). I was able to work around it with both .semgrepignore and the semgrep app ignore overrides.

@IagoAbal
Collaborator Author

This happens using the regex language.

IagoAbal added a commit that referenced this issue Nov 12, 2021
The error also triggered with:

    rules:
    - id: test
      patterns:
      - pattern-regex: IHDR
      message: Semgrep found a match
      languages: [regex]
      severity: WARNING

Follows #4264
Closes #4258

test plan:
make test # test included
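
An added example, not part of the issue thread or of Semgrep's own code: a pre-scan that finds files whose bytes are not valid UTF-8 text (the kind of input reported above as producing Pcre.Error(BadUTF8)) and turns them into gitignore-style patterns suitable for a .semgrepignore file, the workaround mentioned in the thread. The function names, the 64 KiB sample size and the NUL-byte heuristic are assumptions of this example.

```python
import codecs
import os
import sys

SAMPLE_BYTES = 64 * 1024  # assumption: the first 64 KiB is representative


def is_valid_utf8_text(data: bytes) -> bool:
    """True if data looks like UTF-8 text: no NUL byte and it decodes cleanly."""
    if b"\x00" in data:  # heuristic: NUL bytes mark binary formats
        return False
    # final=False: a multi-byte character cut off at the sample end is not an error.
    decoder = codecs.getincrementaldecoder("utf-8")()
    try:
        decoder.decode(data, final=False)
    except UnicodeDecodeError:
        return False
    return True


def non_utf8_files(root: str) -> list[str]:
    """Relative paths under root whose leading bytes are not UTF-8 text."""
    found = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".git"]
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    sample = fh.read(SAMPLE_BYTES)
            except OSError:
                continue  # unreadable file: nothing to classify
            if not is_valid_utf8_text(sample):
                found.append(os.path.relpath(path, root))
    return sorted(found)


def ignore_patterns(paths: list[str]) -> list[str]:
    """gitignore-style patterns: '*.ext' per extension, else the path itself."""
    patterns = set()
    for p in paths:
        ext = os.path.splitext(p)[1]
        patterns.add(f"*{ext}" if ext else p.replace(os.sep, "/"))
    return sorted(patterns)


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    print("\n".join(ignore_patterns(non_utf8_files(root))))
```

Run it with the repository root as its argument and review the printed patterns before adding them to .semgrepignore.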