Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

syft is now throwing panic with version 0.66.1 #1462

Closed
aeg opened this issue Jan 15, 2023 · 4 comments · Fixed by #1468
Closed

syft is now throwing panic with version 0.66.1 #1462

aeg opened this issue Jan 15, 2023 · 4 comments · Fixed by #1468
Assignees
Labels
bug Something isn't working

Comments

@aeg
Copy link

aeg commented Jan 15, 2023

Please provide a set of steps on how to reproduce the issue
Run syft version 0.66.1 with certain Mach-O binaries, an error occurs .

syft packages dir:/home/xxx

What happened:

 ? Cataloging packages     [packages 0]panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x38 pc=0xd43b7a]

goroutine 39 [running]:
github.com/anchore/syft/syft/pkg/cataloger/java.nativeImageMachO.fetchPkgs({0xc004a7675e?})
        /home/runner/work/syft/syft/syft/pkg/cataloger/java/graalvm_native_image_cataloger.go:325 +0x5a
github.com/anchore/syft/syft/pkg/cataloger/java.fetchPkgs({0x7fb613711f20?, 0xc008cd3f38?}, {0xc004a7675e, 0x80})
        /home/runner/work/syft/syft/syft/pkg/cataloger/java/graalvm_native_image_cataloger.go:521 +0x23e
github.com/anchore/syft/syft/pkg/cataloger/java.(*NativeImageCataloger).Catalog(0xc0005f43c0?, {0x145dd18, 0xc000210230})
        /home/runner/work/syft/syft/syft/pkg/cataloger/java/graalvm_native_image_cataloger.go:551 +0x4e5
github.com/anchore/syft/syft/pkg/cataloger.runCataloger({0x14561b0, 0x1d55e10}, {0x145dd18?, 0xc000210230})
        /home/runner/work/syft/syft/syft/pkg/cataloger/catalog.go:57 +0x188
github.com/anchore/syft/syft/pkg/cataloger.Catalog.func1()
        /home/runner/work/syft/syft/syft/pkg/cataloger/catalog.go:127 +0x105
created by github.com/anchore/syft/syft/pkg/cataloger.Catalog
        /home/runner/work/syft/syft/syft/pkg/cataloger/catalog.go:122 +0x2aa

What you expected to happen:

Scan should proceed with results produced.

Anything else we need to know?:

The file that caused the panic is "go/pkg/mod/golang.org/x/[email protected]/cmd/splitdwarf/internal/macho/testdata/gcc-amd64-darwin-exec-debug".

I traced this error.
When the panic has occured, syft/pkg/cataloger/java/graalvm_native_image_cataloger.go: L.325
bi.Symtab is nil .

L.325 	for _, s := range bi.Symtab.Syms {

I put in the check code to try it out and it completed with no problems.

	if bi.Symtab == nil {
		log.Debugf("native-image cataloger: %v.", nativeImageMissingSymbolsError)
		return nil, errors.New(nativeImageMissingSymbolsError)
	}

Environment:

  • Output of syft version: 0.66.1
  • OS (e.g: cat /etc/os-release or similar):20.04.5 LTS (Focal Fossa)
@aeg aeg added the bug Something isn't working label Jan 15, 2023
@erik-bershel
Copy link

Got the same issue for macOS 11.7.2 (20G1020)
Screenshot 2023-01-16 at 16 39 03

@kzantow kzantow added this to OSS Jan 17, 2023
@kzantow kzantow moved this to In Progress in OSS Jan 17, 2023
@kzantow kzantow self-assigned this Jan 17, 2023
@kzantow
Copy link
Contributor

kzantow commented Jan 17, 2023

Thanks for the report -- is there a public image you could provide that exhibited this problem?

@erik-bershel
Copy link

erik-bershel commented Jan 17, 2023

@kzantow public runner image of macOS 11 for example. I have tried on latest one. It happens with different files.
Another two examples:
Screenshot 2023-01-17 at 16 47 12
Screenshot 2023-01-17 at 16 48 30
Add:
And the same for macOS12. Found that only last minute.
Screenshot 2023-01-17 at 16 58 27

@aeg
Copy link
Author

aeg commented Jan 17, 2023

Thanks for responding.

% wget https://raw.githubusercontent.com/blacktop/go-macho/master/internal/testdata/gcc-amd64-darwin-exec-debug.base64
% base64 -d gcc-amd64-darwin-exec-debug.base64  > gcc-amd64-darwin-exec-debug
% file gcc-amd64-darwin-exec-debug
gcc-amd64-darwin-exec-debug: Mach-O 64-bit x86_64 dSYM companion file
% syft packages file:./gcc-amd64-darwin-exec-debug

I'm not sure whether "gcc-amd64-darwin-exec-debug" is correct binary or not,but it causes panic.

@kzantow kzantow moved this from In Progress to In Review in OSS Jan 17, 2023
@github-project-automation github-project-automation bot moved this from In Review to Done in OSS Jan 17, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
Archived in project
Development

Successfully merging a pull request may close this issue.

3 participants