Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cmd/go: panic when passed an invalid path like \x01 #68737

Closed
jfrech opened this issue Aug 6, 2024 · 4 comments
Closed

cmd/go: panic when passed an invalid path like \x01 #68737

jfrech opened this issue Aug 6, 2024 · 4 comments
Assignees
@matloob
Labels
GoCommand cmd/go

Comments

@jfrech
Copy link

jfrech commented Aug 6, 2024

Go version

go version go1.22.3 linux/amd64

Output of go env in your module/workspace:

GO111MODULE=''
GOARCH='amd64'
GOBIN=''
GOCACHE='/root/.cache/go-build'
GOENV='/root/.config/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFLAGS=''
GOHOSTARCH='amd64'
GOHOSTOS='linux'
GOINSECURE=''
GOMODCACHE='/root/go/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='linux'
GOPATH='/root/go'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/usr/local/go'
GOSUMDB='sum.golang.org'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/usr/local/go/pkg/tool/linux_amd64'
GOVCS=''
GOVERSION='go1.22.3'
GCCGO='gccgo'
GOAMD64='v1'
AR='ar'
CC='gcc'
CXX='g++'
CGO_ENABLED='1'
GOMOD='/dev/null'
GOWORK=''
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
PKG_CONFIG='pkg-config'
GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build1397028556=/tmp/go-build -gno-record-gcc-switches'

What did you do?

; go run "$(echo -e '\x01')"
panic: path "\x01" not in error "invalid import path \"\\x01\"" [recovered]
        panic: path "\x01" not in error "invalid import path \"\\x01\""

goroutine 1 [running]:
cmd/go/internal/load.(*preload).flush(0xc000112900)
        cmd/go/internal/load/pkg.go:1132 +0x74
panic({0x9cef40?, 0xc0001129b0?})
        runtime/panic.go:770 +0x132
cmd/go/internal/load.ImportErrorf({0x7ffc64bcdf0b, 0x1}, {0xa9d423?, 0x1?}, {0xc0001b9720?, 0xc0001b9a98?, 0x0?})
        cmd/go/internal/load/pkg.go:542 +0x174
cmd/go/internal/load.(*Package).load(0xc0001be008, {0xba6e70, 0xf8d0c0}, {0x0, 0x0, 0x1, 0x0, 0x0, 0x0}, {0x7ffc64bcdf0b, ...}, ...)
        cmd/go/internal/load/pkg.go:1949 +0x1214
cmd/go/internal/load.loadImport({0xba6e70, 0xf8d0c0}, {0x0, 0x0, 0x1, 0x0, 0x0, 0x0}, 0xc000112900, {0x7ffc64bcdf0b, ...}, ...)
        cmd/go/internal/load/pkg.go:794 +0x546
cmd/go/internal/load.PackagesAndErrors({0xba6e70?, 0xf8d0c0?}, {0x0, 0x0, 0x1, 0x0, 0x0, 0x0}, {0xc00010c2c0, 0x1, ...})
        cmd/go/internal/load/pkg.go:2882 +0xa2b
cmd/go/internal/run.runRun({0xba6e70, 0xf8d0c0}, 0xc00015e498?, {0xc00010c2c0, 0x1, 0x1})
        cmd/go/internal/run/run.go:124 +0x3ac
main.invoke(0xf1f420, {0xc00010c2b0, 0x2, 0x2})
        cmd/go/main.go:257 +0x5c4
main.main()
        cmd/go/main.go:175 +0x6d5

What did you see happen?

Function "ImportErrorf" employs an overzealous sanity check to impel cmd/go to show its path context but doesn't take into account a component which transforms non-printable characters into their quoted form.

Cf. https://cs.opensource.google/go/go/+/refs/tags/go1.22.5:src/cmd/go/internal/load/pkg.go;l=539 [2024-07-14, 2024-08-06]

What did you expect to see?

I would have expected not to be able to provoke a panic in choosing an odd pathname.

Curiously, command "go help" spits back the control character.

; go help "$(echo -e '\x01')" 2>&1 | hd
00000000  67 6f 20 68 65 6c 70 20  01 3a 20 75 6e 6b 6e 6f  |go help .: unkno|
00000010  77 6e 20 68 65 6c 70 20  74 6f 70 69 63 2e 20 52  |wn help topic. R|
00000020  75 6e 20 27 67 6f 20 68  65 6c 70 27 2e 0a        |un 'go help'..|
0000002e

Earnestly, I would have expected the name to get escaped to "\x01" in both "go help" and "go [run|test|build]".
@gabyhelp
Copy link

gabyhelp commented Aug 6, 2024

Related Issues and Documentation

(Emoji vote if this was helpful or unhelpful; more detailed feedback welcome in this discussion.)

@jfrech jfrech mentioned this issue Aug 6, 2024
Closed
@timothy-king timothy-king added the GoCommand cmd/go label Aug 6, 2024
@timothy-king
Copy link
Contributor

cc @matloob @samthanawalla

@seankhliao seankhliao changed the title cmd/go: [internal/load.ImportErrorf] panic provocation cmd/go: panic when passed an invalid path like \x01 Aug 6, 2024
@matloob
Copy link
Contributor

matloob commented Aug 6, 2024

I think escaping the paths every time they appear is out of scope, but I will send a CL to fix the panic.

@gopherbot
Copy link
Contributor

Change https://go.dev/cl/603475 mentions this issue: cmd/go/internal/load: make check for path in import error more robust

@matloob matloob self-assigned this Aug 6, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@matloob matloob

Labels
GoCommand cmd/go
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@timothy-king @gopherbot @matloob @jfrech @gabyhelp