Skip to content

govulncheck: panic: runtime error: invalid memory address or nil pointer dereference #66203

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
gregwebs opened this issue Mar 8, 2024 · 2 comments
Closed

govulncheck: panic: runtime error: invalid memory address or nil pointer dereference #66203

gregwebs opened this issue Mar 8, 2024 · 2 comments
Labels
FrozenDueToAge

Comments

@gregwebs
Copy link

gregwebs commented Mar 8, 2024

Go version

1.21.8

Output of go env in your module/workspace:

GO111MODULE=''
  GOARCH='amd64'
  GOBIN=''
  GOCACHE='/home/runner/.cache/go-build'
  GOENV='/home/runner/.config/go/env'
  GOEXE=''
  GOEXPERIMENT=''
  GOFLAGS=''
  GOHOSTARCH='amd64'
  GOHOSTOS='linux'
  GOINSECURE=''
  GOMODCACHE='/home/runner/go/pkg/mod'
  GONOPROXY=''
  GONOSUMDB=''
  GOOS='linux'
  GOPATH='/home/runner/go'
  GOPRIVATE=''
  GOPROXY='https://proxy.golang.org,direct'
  GOROOT='/home/runner/go/pkg/mod/golang.org/[email protected]'
  GOSUMDB='sum.golang.org'
  GOTMPDIR=''
  GOTOOLCHAIN='auto'
  GOTOOLDIR='/home/runner/go/pkg/mod/golang.org/[email protected]/pkg/tool/linux_amd64'
  GOVCS=''
  GOVERSION='go1.22.0'
  GCCGO='gccgo'
  GOAMD64='v1'
  AR='ar'
  CC='gcc'
  CXX='g++'
  CGO_ENABLED='1'
  GOMOD='/home/runner/work/bravo/bravo/go.mod'
  GOWORK=''
  CGO_CFLAGS='-O2 -g'
  CGO_CPPFLAGS=''
  CGO_CXXFLAGS='-O2 -g'
  CGO_FFLAGS='-O2 -g'
  CGO_LDFLAGS='-O2 -g'
  PKG_CONFIG='pkg-config'
  GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build1413711295=/tmp/go-build -gno-record-gcc-switches'

What did you do?

run govulncheck Github CI action.

What did you see happen?

go install golang.org/x/vuln/cmd/govulncheck@latest
  shell: /usr/bin/bash --noprofile --norc -e -o pipefail {0}
  env:
    GO_VERSION: 1.21.8
go: downloading golang.org/x/vuln v1.0.4
Run govulncheck -C . ./...
  govulncheck -C . ./...
  shell: /usr/bin/bash --noprofile --norc -e -o pipefail {0}
  env:
    GO_VERSION: 1.21.8
Scanning your code and 936 packages across 1[72](https://github.com/digitalmint/bravo/actions/runs/8208814870/job/22453019293?pr=7457#step:6:76) dependent modules for known vulnerabilities...

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x28 pc=0x[79](https://github.com/digitalmint/bravo/actions/runs/8208814870/job/22453019293?pr=7457#step:6:84)88ba]

goroutine 15865 [running]:
golang.org/x/tools/go/ssa.memberFromObject(0xc044265e80, {0x0, 0x0?}, {0x96e2a0, 0xc0095437d0}, {0x0, 0x0})
	/home/runner/go/pkg/mod/golang.org/x/[email protected]/go/ssa/create.go:55 +0x5a
golang.org/x/tools/go/ssa.membersFromDecl(0xc044265e80, {0x96f7f8?, 0xc0095437d0?}, {0x0, 0x0})
	/home/runner/go/pkg/mod/golang.org/x/[email protected]/go/ssa/create.go:1[84](https://github.com/digitalmint/bravo/actions/runs/8208814870/job/22453019293?pr=7457#step:6:89) +0x11b
golang.org/x/tools/go/ssa.(*Program).CreatePackage(0xc01ce368f0, 0xc006774180, {0xc0121e8488, 0x1, 0x1}, 0xc00928df40, 0x1)
	/home/runner/go/pkg/mod/golang.org/x/[email protected]/go/ssa/create.go:250 +0x[86](https://github.com/digitalmint/bravo/actions/runs/8208814870/job/22453019293?pr=7457#step:6:91)5
golang.org/x/vuln/internal/vulncheck.buildSSA.func1(0x4c1739?)
	/home/runner/go/pkg/mod/golang.org/x/[email protected]/internal/vulncheck/utils.go:38 +0xe5
golang.org/x/vuln/internal/vulncheck.buildSSA({0xc0001c2680, 0xa6, 0x0?}, 0xc0000a8040)
	/home/runner/go/pkg/mod/golang.org/x/[email protected]/internal/vulncheck/utils.go:46 +0x322
golang.org/x/vuln/internal/vulncheck.source.func1()
	/home/runner/go/pkg/mod/golang.org/x/[email protected]/internal/vulncheck/source.go:54 +0x8f
created by golang.org/x/vuln/internal/vulncheck.source in goroutine 6
	/home/runner/go/pkg/mod/golang.org/x/[email protected]/internal/vulncheck/source.go:52 +0x28e
Error: Process completed with exit code 2.

What did you expect to see?

no panic
@gregwebs
Copy link
Author

gregwebs commented Mar 8, 2024

Upgraded to go version 1.22.1 and the panic went away.

@adonovan
Copy link
Member

adonovan commented Mar 8, 2024

Glad to hear that updating fixed it, and thanks for reporting it. It looks like a dup of #65608.

@adonovan adonovan closed this as completed Mar 8, 2024
@gabyhelp gabyhelp mentioned this issue Aug 20, 2024
Closed
@gabyhelp gabyhelp mentioned this issue Nov 14, 2024
Closed
@golang golang locked and limited conversation to collaborators Mar 8, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@gregwebs @adonovan @gopherbot