fuzz: Panic found during parser post-processing #2714

tsandall · 2020-09-23T13:17:31Z

Test input:

0{{}}assign()

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x887237]

goroutine 1 [running]:
github.com/open-policy-agent/opa/ast.(*Term).Hash(...)
        /home/torin/src/opa/ast/term.go:361
github.com/open-policy-agent/opa/ast.(*set).get(0xc0000fdbc0, 0x0, 0x7fad69154aa8)
        /home/torin/src/opa/ast/term.go:1540 +0x37
github.com/open-policy-agent/opa/ast.(*set).Contains(0xc0000fdbc0, 0x0, 0xc0002baa40)
        /home/torin/src/opa/ast/term.go:1452 +0x35
github.com/open-policy-agent/opa/ast.ParseCompleteDocRuleFromEqExpr(0xc00012c870, 0x0, 0x0, 0x1, 0xce30bf, 0x6)
        /home/torin/src/opa/ast/parser_ext.go:241 +0x54
github.com/open-policy-agent/opa/ast.ParseCompleteDocRuleFromAssignmentExpr(0xc00012c870, 0x0, 0x0, 0x1, 0xc000127280, 0x7fad69154800)
        /home/torin/src/opa/ast/parser_ext.go:225 +0x45
github.com/open-policy-agent/opa/ast.ParseRuleFromExpr(0xc00012c870, 0xc00012c820, 0x8, 0x40, 0xc71820)
        /home/torin/src/opa/ast/parser_ext.go:167 +0x2d1
github.com/open-policy-agent/opa/ast.ParseRuleFromBody(0xc00012c870, 0xc00011e2e0, 0x1, 0x1, 0x2, 0xc00011d060, 0x1)
        /home/torin/src/opa/ast/parser_ext.go:130 +0x98
github.com/open-policy-agent/opa/ast.parseModule(0x7fff10ba972c, 0x6, 0xc000127200, 0x3, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, ...)
        /home/torin/src/opa/ast/parser_ext.go:600 +0x30d
github.com/open-policy-agent/opa/ast.ParseModule(0x7fff10ba972c, 0x6, 0xc0002bad38, 0xd, 0xd, 0x46ae85, 0xc000000180)
        /home/torin/src/opa/ast/parser_ext.go:417 +0xe5
github.com/open-policy-agent/opa/loader.loadRego(0x7fff10ba972c, 0x6, 0xc0002be000, 0xd, 0x20d, 0xde0f00, 0xc000117b60, 0x0, 0x0, 0x0)
        /home/torin/src/opa/loader/loader.go:503 +0xbe
github.com/open-policy-agent/opa/loader.loadKnownTypes(0x7fff10ba972c, 0x6, 0xc0002be000, 0xd, 0x20d, 0xde0f00, 0xc000117b60, 0x0, 0x0, 0x7fff10ba972c, ...)
        /home/torin/src/opa/loader/loader.go:464 +0x50a
github.com/open-policy-agent/opa/loader.fileLoader.Filtered.func1(0xc0002ae6f0, 0x7fff10ba972c, 0x6, 0x0, 0x0, 0x0)
        /home/torin/src/opa/loader/loader.go:151 +0xad
github.com/open-policy-agent/opa/loader.allRec(0x7fff10ba972c, 0x6, 0xc000117540, 0xc0002bb138, 0xc0002ae6f0, 0x0, 0xc0002bb1a0)
        /home/torin/src/opa/loader/loader.go:436 +0x456
github.com/open-policy-agent/opa/loader.all(0xc00011cb40, 0x1, 0x1, 0xc000117540, 0xc0002bb1a0, 0x203000, 0x203000, 0x40d930)
        /home/torin/src/opa/loader/loader.go:407 +0x239
github.com/open-policy-agent/opa/loader.fileLoader.Filtered(0xde0f00, 0xc000117b60, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0002ae6c0, 0xc00011cb40, 0x1, ...)
        /home/torin/src/opa/loader/loader.go:144 +0xd1
github.com/open-policy-agent/opa/internal/runtime/init.LoadPaths(0xc00011cb40, 0x1, 0x1, 0xc000117540, 0x0, 0x0, 0x0, 0x0, 0xc0001229f8, 0x3)
        /home/torin/src/opa/internal/runtime/init/init.go:131 +0x3c5
github.com/open-policy-agent/opa/runtime.NewRuntime(0xddbca0, 0xc0000220c0, 0xc000290030, 0x24, 0xc000117460, 0xc000117480, 0x0, 0x0, 0x0, 0x0, ...)
        /home/torin/src/opa/runtime/runtime.go:236 +0x15b
github.com/open-policy-agent/opa/cmd.initRuntime(0xddbca0, 0xc0000220c0, 0x0, 0x0, 0xc000117460, 0xc000117480, 0x0, 0x0, 0x0, 0x0, ...)
        /home/torin/src/opa/cmd/run.go:258 +0x545
github.com/open-policy-agent/opa/cmd.init.8.func1(0xc000177400, 0xc00011cb40, 0x1, 0x1)
        /home/torin/src/opa/cmd/run.go:156 +0xea
github.com/spf13/cobra.(*Command).execute(0xc000177400, 0xc00011cb10, 0x1, 0x1, 0xc000177400, 0xc00011cb10)
        /home/torin/src/opa/vendor/github.com/spf13/cobra/command.go:766 +0x2c2
github.com/spf13/cobra.(*Command).ExecuteC(0x120a580, 0xc000068778, 0xc000079f78, 0x4062a5)
        /home/torin/src/opa/vendor/github.com/spf13/cobra/command.go:852 +0x2fe
github.com/spf13/cobra.(*Command).Execute(...)
        /home/torin/src/opa/vendor/github.com/spf13/cobra/command.go:800
main.main()
        /home/torin/src/opa/main.go:15 +0x31

The text was updated successfully, but these errors were encountered:

This commit fixes a panic caught in the fuzzer due to misuse of operands returned by expr.Operand(). Fixes open-policy-agent#2714 Signed-off-by: Torin Sandall <torinsandall@gmail.com>

This commit fixes a panic caught in the fuzzer due to misuse of operands returned by expr.Operand(). Fixes #2714 Signed-off-by: Torin Sandall <torinsandall@gmail.com>

tsandall added the bug label Sep 23, 2020

tsandall self-assigned this Sep 23, 2020

tsandall added this to TODO (Things That Should Be Done) in Open Policy Agent via automation Sep 23, 2020

tsandall moved this from TODO (Things That Should Be Done) to In Progress in Open Policy Agent Sep 23, 2020

tsandall mentioned this issue Sep 23, 2020

ast: Fix panic in parser post-processing of expressions #2715

Merged

patrick-east closed this as completed in #2715 Sep 23, 2020

Open Policy Agent automation moved this from In Progress to Done Sep 23, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fuzz: Panic found during parser post-processing #2714

fuzz: Panic found during parser post-processing #2714

tsandall commented Sep 23, 2020

fuzz: Panic found during parser post-processing #2714

fuzz: Panic found during parser post-processing #2714

Comments

tsandall commented Sep 23, 2020