Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

GET maven-metadata.xml Panics with "index out of range [-1]" When No Package Versions Exist #33886

Closed
dianaStr7 opened this issue Mar 14, 2025 · 2 comments · Fixed by #33888
Closed

GET maven-metadata.xml Panics with "index out of range [-1]" When No Package Versions Exist #33886

dianaStr7 opened this issue Mar 14, 2025 · 2 comments · Fixed by #33888
Labels
type/bug
Milestone
1.23.6

Comments

@dianaStr7
Copy link
Contributor

Description

After fix for maven packages in 33678, when trying to GET maven-metadata.xml for a non-existent package, function serveMavenMetadata crashes with an index out of range [-1] panic as no Maven package versions are found. I suppose this happens because the function attempts to access pds[len(pds)-1], but pds is empty.

Steps to Reproduce

  1. Ensure no package versions exist for the given GroupID:ArtifactID.
  2. Attempt to curl GET com/group/id/artifactId/maven-metadata.xml for the non-existent package.
  3. Get 500 response and see the log with index out of range [-1] panic.

Expected Behavior

The function should return more clear HTTP response (e.g., 404 Not Found) instead of panicking.

Where I think the problem is

routers/api/packages/maven/maven.go
func serveMavenMetadata

latest := pds[len(pds)-1] // Panics if pds is empty

Suggested Fix

Add a check for package versions found before continuing:

pvs = append(pvsLegacy, pvs...)

if len(pvs) == 0 {
	apiError(ctx, http.StatusNotFound, packages_model.ErrPackageNotExist)
	return
}

Environment

  • Gitea Version: 1.23.5
  • Go Version: 1.23.5

Gitea Version

1.23.5

Can you reproduce the bug on the Gitea demo site?

Yes

Log Gist

No response

Screenshots

No response

Git Version

No response

Operating System

No response

How are you running Gitea?

Locally

Database

None
@wxiaoguang wxiaoguang mentioned this issue Mar 14, 2025
Merged
@wxiaoguang
Copy link
Contributor

-> Fix maven panic when no package exist #33888

@dianaStr7
Copy link
Contributor Author

-> Fix maven panic when no package exist #33888

Thank you for the fast reply and fix :)

@lunny lunny closed this as completed in 45c4139 Mar 14, 2025
GiteaBot pushed a commit to GiteaBot/gitea that referenced this issue Mar 14, 2025
@wxiaoguang @GiteaBot
Fix maven panic when no package exists (go-gitea#33888)
d3fa802 
Fix go-gitea#33886

Restore the old logic from go-gitea#16510, which was incorrectly removed by
go-gitea#33678
@GiteaBot GiteaBot mentioned this issue Mar 14, 2025
Merged
lunny pushed a commit that referenced this issue Mar 14, 2025
@GiteaBot @wxiaoguang
Fix maven panic when no package exists (#33888) (#33889)
5fadcf9 
Backport #33888 by @wxiaoguang

Fix #33886

Restore the old logic from #16510, which was incorrectly removed by
#33678

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
@lunny lunny added this to the 1.23.6 milestone Mar 14, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
type/bug
Projects
None yet
Milestone
1.23.6
Development

Successfully merging a pull request may close this issue.

Fix maven panic when no package exists wxiaoguang/gitea
3 participants
@lunny @wxiaoguang @dianaStr7