Panic in alpm cataloger #1195

cjnosal · 2022-09-07T18:29:40Z

What happened:

panic: runtime error: index out of range [0] with length 0

goroutine 52 [running]:
github.com/anchore/syft/syft/pkg/cataloger/alpm.getFileReader({0xc0015cc270, 0xc2}, {0x64e35d8, 0xc0008b6000})
	/go/pkg/mod/github.com/anchore/syft@v0.55.0/syft/pkg/cataloger/alpm/parse_alpm_db.go:71 +0x1a5
github.com/anchore/syft/syft/pkg/cataloger/alpm.parseAlpmDB({0x64e35d8, 0xc0008b6000}, {0xc0007ee8f0, 0xc1}, {0x10e206d0, 0xc000a1e000})
	/go/pkg/mod/github.com/anchore/syft@v0.55.0/syft/pkg/cataloger/alpm/parse_alpm_db.go:217 +0xe7
github.com/anchore/syft/syft/pkg/cataloger/alpm.(*Cataloger).Catalog(0x60cf5fa?, {0x64e35d8, 0xc0008b6000})
	/go/pkg/mod/github.com/anchore/syft@v0.55.0/syft/pkg/cataloger/alpm/cataloger.go:45 +0x258
github.com/anchore/syft/syft/pkg/cataloger.Catalog({0x64e35d8?, 0xc0008b6000}, 0x8?, {0xc0008e2200, 0x14, 0x0?})
	/go/pkg/mod/github.com/anchore/syft@v0.55.0/syft/pkg/cataloger/catalog.go:55 +0x3ec
github.com/anchore/syft/syft.CatalogPackages(0xc001204580, {{0x1, 0x0, {0x60b896f, 0x8}}, {0x0, 0x0, 0x0}, 0x0})
	/go/pkg/mod/github.com/anchore/syft@v0.55.0/syft/lib.go:72 +0x5a5
github.com/anchore/syft/cmd/syft/cli/eventloop.generateCatalogPackagesTask.func1(0xc000602d00, 0xc001204580?)
	/go/pkg/mod/github.com/anchore/syft@v0.55.0/cmd/syft/cli/eventloop/tasks.go:49 +0xff
github.com/anchore/syft/cmd/syft/cli/eventloop.RunTask(0x46bac05?, 0xc0007ae3c0?, 0xc00052b7d0?, 0xc0006b82a0, 0xc000369560?)
	/go/pkg/mod/github.com/anchore/syft@v0.55.0/cmd/syft/cli/eventloop/tasks.go:223 +0x85
created by github.com/anchore/syft/cmd/syft/cli/packages.buildRelationships
	/go/pkg/mod/github.com/anchore/syft@v0.55.0/cmd/syft/cli/packages/packages.go:130 +0x65

What you expected to happen:
Either a successful inventory of alpm components or a graceful failure with informative message

How to reproduce it (as minimally and precisely as possible):

go install github.com/anchore/syft/cmd/syft@v0.55.0
git clone github.com/anchore/syft
syft -q dir:syft -o cyclonedx

Anything else we need to know?:
https://github.com/anchore/syft/blob/main/syft/pkg/cataloger/alpm/parse_alpm_db.go#L70
Couldn't reproduce on linux/amd64 go1.19 or darwin/amd64 go1.18.3

Environment:

Output of syft version:
Application: syft
Version: [not provided]
JsonSchemaVersion: 3.3.2
BuildDate: [not provided]
GitCommit: [not provided]
GitDescription: [not provided]
Platform: darwin/amd64
GoVersion: go1.19
Compiler: gc

The text was updated successfully, but these errors were encountered:

tgerla · 2022-09-07T19:23:06Z

Hi @xtreme-conor-nosal, thank you for this report. We will take a look and get back to you if we need any more info.

spiffcs · 2022-12-01T16:25:46Z

@xtreme-conor-nosal I ran this with the latest code v0.63.0. We had some bug fixes and I ran you're reproducible steps and no panic was caused:

Closing this now as resolved - If you see anything wrong with the above output or you're not getting the correct result please let me know and I can re open

cjnosal added the bug Something isn't working label Sep 7, 2022

spiffcs added this to OSS Oct 13, 2022

spiffcs moved this to Backlog (Pulled Forward for Priority) in OSS Oct 13, 2022

spiffcs self-assigned this Nov 28, 2022

spiffcs moved this from Backlog (Pulled Forward for Priority) to In Progress (Actively Resolving) in OSS Nov 28, 2022

spiffcs closed this as completed Dec 1, 2022

Repository owner moved this from In Progress (Actively Resolving) to Done in OSS Dec 1, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Panic in alpm cataloger #1195

Panic in alpm cataloger #1195

cjnosal commented Sep 7, 2022

tgerla commented Sep 7, 2022

spiffcs commented Dec 1, 2022

Panic in alpm cataloger #1195

Panic in alpm cataloger #1195

Comments

cjnosal commented Sep 7, 2022

tgerla commented Sep 7, 2022

spiffcs commented Dec 1, 2022