Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fuzz: Panic during local variable rewriting stage #2720

Closed
tsandall opened this issue Sep 24, 2020 · 0 comments · Fixed by #2722
Closed

fuzz: Panic during local variable rewriting stage #2720

tsandall opened this issue Sep 24, 2020 · 0 comments · Fixed by #2722
Assignees
@tsandall
Labels
bug

Comments

@tsandall
Copy link
Member

tsandall commented Sep 24, 2020
edited
Loading

Test file:

package d c({({0|t:=0}):0})

Panic:

panic: runtime error: invalid memory address or nil pointer dereference [recovered]
        panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x89cbda]

goroutine 1 [running]:
github.com/open-policy-agent/opa/ast.(*Compiler).compile.func1()
        /home/torin/src/opa/ast/compile.go:881 +0x67
panic(0xbfc020, 0x11f7350)
        /usr/local/go/src/runtime/panic.go:969 +0x175
github.com/open-policy-agent/opa/ast.(*Compiler).rewriteLocalVars.func1.1(0x0, 0x250eef6a57e40609)
        /home/torin/src/opa/ast/compile.go:1120 +0x15a
github.com/open-policy-agent/opa/ast.WalkTerms.func1(0xc8ce80, 0x0, 0xc000320ba0)
        /home/torin/src/opa/ast/visit.go:181 +0x42
github.com/open-policy-agent/opa/ast.(*GenericVisitor).Walk(0xc0003060c0, 0xc8ce80, 0x0)
        /home/torin/src/opa/ast/visit.go:270 +0x58
github.com/open-policy-agent/opa/ast.(*GenericVisitor).Walk.func1(0xc00031e960, 0xc00031eaa0)
        /home/torin/src/opa/ast/visit.go:340 +0x97
github.com/open-policy-agent/opa/ast.(*object).Foreach.func1(0xc00031e960, 0xc00031eaa0, 0x40e218, 0x30)
        /home/torin/src/opa/ast/term.go:1810 +0x39
github.com/open-policy-agent/opa/ast.(*object).Iter(0xc000320bd0, 0xc000305ca8, 0xc000305d90, 0x89ccd5)
        /home/torin/src/opa/ast/term.go:1788 +0x7a
github.com/open-policy-agent/opa/ast.(*object).Foreach(0xc000320bd0, 0xc000305d98)
        /home/torin/src/opa/ast/term.go:1809 +0x53
github.com/open-policy-agent/opa/ast.(*GenericVisitor).Walk(0xc0003060c0, 0xcb3cc0, 0xc000320bd0)
        /home/torin/src/opa/ast/visit.go:338 +0x994
github.com/open-policy-agent/opa/ast.(*GenericVisitor).Walk(0xc0003060c0, 0xc8ce80, 0xc00031e940)
        /home/torin/src/opa/ast/visit.go:332 +0xbc7
github.com/open-policy-agent/opa/ast.(*GenericVisitor).Walk(0xc0003060c0, 0xc3f580, 0xc00031eee0)
        /home/torin/src/opa/ast/visit.go:312 +0xc50
github.com/open-policy-agent/opa/ast.(*GenericVisitor).Walk(0xc0003060c0, 0xc73260, 0xc0002165a0)
        /home/torin/src/opa/ast/visit.go:299 +0x8a5
github.com/open-policy-agent/opa/ast.WalkTerms(0xc73260, 0xc0002165a0, 0xc000306210)
        /home/torin/src/opa/ast/visit.go:185 +0x70
github.com/open-policy-agent/opa/ast.(*Compiler).rewriteLocalVars.func1(0xc000215480, 0x1249301)
        /home/torin/src/opa/ast/compile.go:1117 +0xce
github.com/open-policy-agent/opa/ast.WalkRules.func1(0xc73340, 0xc000215480, 0xc00031eec0)
        /home/torin/src/opa/ast/visit.go:229 +0x56
github.com/open-policy-agent/opa/ast.(*GenericVisitor).Walk(0xc0003064d0, 0xc73340, 0xc000215480)
        /home/torin/src/opa/ast/visit.go:270 +0x58
github.com/open-policy-agent/opa/ast.(*GenericVisitor).Walk(0xc0003064d0, 0xc4a0a0, 0xc000216550)
        /home/torin/src/opa/ast/visit.go:281 +0x59c
github.com/open-policy-agent/opa/ast.WalkRules(0xc4a0a0, 0xc000216550, 0xc000306538)
        /home/torin/src/opa/ast/visit.go:238 +0x70
github.com/open-policy-agent/opa/ast.(*Compiler).rewriteLocalVars(0xc0003120f0)
        /home/torin/src/opa/ast/compile.go:1103 +0xe5
github.com/open-policy-agent/opa/ast.(*Compiler).runStage(0xc0003120f0, 0xcf48e2, 0x20, 0xc0002091f0)
        /home/torin/src/opa/ast/compile.go:866 +0x4f
github.com/open-policy-agent/opa/ast.(*Compiler).compile(0xc0003120f0)
        /home/torin/src/opa/ast/compile.go:886 +0x11d
github.com/open-policy-agent/opa/ast.(*Compiler).Compile(0xc0003120f0, 0xc000306888)
        /home/torin/src/opa/ast/compile.go:351 +0x2c5
github.com/open-policy-agent/opa/bundle.writeModules(0xdd6340, 0xc000138010, 0xddcfa0, 0xc000214d00, 0xdc4a60, 0xc000308450, 0xc0003120f0, 0xddb540, 0xc00027caa0, 0x0, ...)
        /home/torin/src/opa/bundle/store.go:397 +0x5ed
github.com/open-policy-agent/opa/bundle.activateBundles(0xc000307068, 0xc00027caa0, 0xddcfa0)
        /home/torin/src/opa/bundle/store.go:243 +0x866
github.com/open-policy-agent/opa/bundle.Activate(...)
        /home/torin/src/opa/bundle/store.go:161
github.com/open-policy-agent/opa/internal/runtime/init.InsertAndCompile(0xdd6340, 0xc000138010, 0xddcfa0, 0xc000214d00, 0xdc4a60, 0xc000308450, 0xc000205b00, 0xc000205b30, 0x0, 0x0, ...)
        /home/torin/src/opa/internal/runtime/init/init.go:67 +0x313
github.com/open-policy-agent/opa/plugins.(*Manager).Init.func1(0xdc4a60, 0xc000308450, 0xc000138010, 0xc000209190)
        /home/torin/src/opa/plugins/plugins.go:255 +0x158
github.com/open-policy-agent/opa/storage.Txn(0xdd6340, 0xc000138010, 0xddcfa0, 0xc000214d00, 0x1, 0xc00020a340, 0xc000307328, 0x0, 0x0)
        /home/torin/src/opa/storage/storage.go:95 +0xe9
github.com/open-policy-agent/opa/plugins.(*Manager).Init(0xc000312000, 0xdd6340, 0xc000138010, 0xc00024e030, 0x24)
        /home/torin/src/opa/plugins/plugins.go:253 +0x105
github.com/open-policy-agent/opa/runtime.NewRuntime(0xdd6340, 0xc000138010, 0xc00024e030, 0x24, 0xc000206560, 0xc000206580, 0x0, 0x0, 0x0, 0x0, ...)
        /home/torin/src/opa/runtime/runtime.go:251 +0x408
github.com/open-policy-agent/opa/cmd.initRuntime(0xdd6340, 0xc000138010, 0x0, 0x0, 0xc000206560, 0xc000206580, 0x0, 0x0, 0x0, 0x0, ...)
        /home/torin/src/opa/cmd/run.go:258 +0x545
github.com/open-policy-agent/opa/cmd.init.8.func1(0xc00021d180, 0xc0002084e0, 0x1, 0x1)
        /home/torin/src/opa/cmd/run.go:156 +0xea
github.com/spf13/cobra.(*Command).execute(0xc00021d180, 0xc0002084b0, 0x1, 0x1, 0xc00021d180, 0xc0002084b0)
        /home/torin/src/opa/vendor/github.com/spf13/cobra/command.go:766 +0x2c2
github.com/spf13/cobra.(*Command).ExecuteC(0x1203480, 0xc000068778, 0xc000113f78, 0x4062a5)
        /home/torin/src/opa/vendor/github.com/spf13/cobra/command.go:852 +0x2fe
github.com/spf13/cobra.(*Command).Execute(...)
        /home/torin/src/opa/vendor/github.com/spf13/cobra/command.go:800
main.main()
        /home/torin/src/opa/main.go:15 +0x31
@tsandall tsandall added the bug label Sep 24, 2020
@tsandall tsandall self-assigned this Sep 24, 2020
tsandall added a commit to tsandall/opa that referenced this issue Sep 24, 2020
@tsandall
ast: Fix panic during local var rewriting
120634e 
This commit fixes an issue similar to
e88579b: when a comprehension is
nested inside of a set or used as an object key, the rewriting needs
to be careful to make a copy of the set/object to avoid mutating the
elemenet/key in-place.

Fixes open-policy-agent#2720

Signed-off-by: Torin Sandall <[email protected]>
@tsandall tsandall mentioned this issue Sep 24, 2020
Merged
patrick-east pushed a commit that referenced this issue Sep 24, 2020
@tsandall @patrick-east
ast: Fix panic during local var rewriting
cc55f4a 
This commit fixes an issue similar to
e88579b: when a comprehension is
nested inside of a set or used as an object key, the rewriting needs
to be careful to make a copy of the set/object to avoid mutating the
elemenet/key in-place.

Fixes #2720

Signed-off-by: Torin Sandall <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tsandall tsandall

Labels
bug
Projects
Open Policy Agent
Archived in project
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

ast: Fix panic during local var rewriting tsandall/opa
1 participant
@tsandall