signal SIGSEGV: segmentation violation code=0x1 addr=0x28 pc=0x1b6c1d6

[Teicu]

Hi, I get this error using the latest version of Nuclei from MacBook Pro 2019

Nuclei Engine 2.8.1 (latest)
Nuclei Templates 9.3.0 (latest)

[signal SIGSEGV: segmentation violation code=0x1 addr=0x28 pc=0x1b6c1d6]

goroutine 1481646 [running]:
github.com/projectdiscovery/nuclei/v2/pkg/input.(*Helper).convertInputToType(0xc0024b6028, {0xc00afe0d00, 0xc8}, 0x4, {0x0, 0x0})
	github.com/projectdiscovery/nuclei/v2/pkg/input/input.go:72 +0x96
github.com/projectdiscovery/nuclei/v2/pkg/input.(*Helper).Transform(0x1046973?, {0xc00afe0d00?, 0x8?}, 0x1304efd?)
	github.com/projectdiscovery/nuclei/v2/pkg/input/input.go:43 +0x7f
github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/executer.(*Executer).Execute(0xc0021b0d60, 0xc0033c2940)
	github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/executer/executer.go:75 +0x2c6
github.com/projectdiscovery/nuclei/v2/pkg/core.(*Engine).executeModelWithInput.func2.1(0x132a226?, 0x0?, 0xc0033c2800)
	github.com/projectdiscovery/nuclei/v2/pkg/core/execute.go:146 +0x182
created by github.com/projectdiscovery/nuclei/v2/pkg/core.(*En
	github.com/projectdiscovery/nuclei/v2/pkg/core/execute.go:131 +0x745

[ehsandeep]

@Teicu could you also share the cmd you used to run? I'm running on same system and unable to repro this.

[Teicu]

Hi

nuclei -l urls.txt -tags CVE

I'd like to point out that there are about a 500k links in the url.txt list

Cheers

[tarunKoyalwar]

Most Likely urls.txt are not standard urls (missing protocol or has parameters etc)

	notURL := !strings.Contains(input, "://")
	parsed, _ := url.Parse(input)
	var host, port string
	if !notURL {
		host, port, _ = net.SplitHostPort(parsed.Host)
	} else {
		host, port, _ = net.SplitHostPort(input)
	}

most likely parsed.input is empty which caused this error

[Teicu]

Most Likely urls.txt are not standard urls (missing protocol or has parameters etc)

	notURL := !strings.Contains(input, "://")
	parsed, _ := url.Parse(input)
	var host, port string
	if !notURL {
		host, port, _ = net.SplitHostPort(parsed.Host)
	} else {
		host, port, _ = net.SplitHostPort(input)
	}

most likely parsed.input is empty which caused this error

No, all URLs are https://website.com. It's not the first time I've used Nuclei, so that's by no means the problem.

[tarunKoyalwar]

@Teicu , I have uploaded fix along with other edge cases to issue-2979-url-panic branch . can you try installing nuclei again with following command

go install -v  github.com/projectdiscovery/nuclei/v2/cmd/nuclei@issue-2979-url-panic 

and share if you are facing same issue .

[pdelteil]

@Teicu , I have uploaded fix along with other edge cases to issue-2979-url-panic branch . can you try installing nuclei again with following command

go install -v  github.com/projectdiscovery/nuclei/v2/cmd/nuclei@issue-2979-url-panic 

and share if you are facing same issue .

Hi there,

I had the same issue. The problem was originated due to the go version, go.1.18 is required.

I tried to run go install -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei@issue-2979-url-panic having this output (truncated) :

../go/pkg/mod/golang.org/x/exp@v0.0.0-20221019170559-20944726eadf/maps/maps.go:88:16: too many errors
note: module requires Go 1.18

I was using Go 1.17, so I updated to the latest version [1.19.3] and now it works fine. (Using an input file with 1,8 MM urls).

[Teicu]

Sorry but I'm using go version go1.19.2 darwin/amd64

[pdelteil]

Sorry but I'm using go version go1.19.2 darwin/amd64

Hi there,

What was the output of go install -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei@issue-2979-url-panic ?

In my case I had installed 2 go versions. Show the output of this command whereis go

[Teicu]

whereis go
go: /usr/local/bin/go

[tarunKoyalwar]

@Teicu have you tried nuclei from another branch ??

[pdelteil]

whereis go go: /usr/local/bin/go

and the other one? from go install?

[mardinyadegar]

@ehsandeep I am able to reproduce the issue. I am using alpine linux docker container which installs the latest version of go (apk add go) and Nuclei as per Nuclei documentation.

% nuclei -H "User-Agent:non-generic-ua" -H "customheader:boolean" -list nuclei_hosts_to_scan_final.txt -t /usr/nucl
ei-templates -o scan-vulnerabilities.txt
[INF] Using Nuclei Engine 2.8.1 (latest)                                                                                                
[INF] Using Nuclei Templates 9.3.0 (latest)

panic: runtime error: invalid memory address or nil pointer dereference                                                                       
[signal SIGSEGV: segmentation violation code=0x1 addr=0x28 pc=0xf684b6]                                                                       
                                                                                                                                              
goroutine 47 [running]:                                                                                                                       
github.com/projectdiscovery/nuclei/v2/pkg/input.(*Helper).convertInputToType(0xc000128a18, {0xc009174120, 0x25}, 0x4, {0x0, 0x0})

[tarunKoyalwar]

@mardinyadegar @Teicu can you confirm that nuclei fails after installing from issue-2979-url-panic

go install -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei@issue-2979-url-panic

If it fails can you post command ouput as well as a link maybe containing urls .

[mardinyadegar]

@tarunKoyalwar using that suggestion got me no different results.

[mardinyadegar]

I don't see this as an acceptable solution, but when I switched back to v2.7.9, I noticed it was working properly again.

[vzamanillo]

It's hard to find the problem if we are not able to reproduce it, could you please share your url file?

[ehsandeep]

@tarunKoyalwar @vzamanillo @Ice3man543 from #2996

$ echo 'https://~^(.*-pre)\.smth\.google\.com/' | nuclei -id tech-detect -silent

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x2 addr=0x28 pc=0x10343eb48]

goroutine 59 [running]:
github.com/projectdiscovery/nuclei/v2/pkg/input.(*Helper).convertInputToType(0x1400052c028, {0x14002439f50, 0x26}, 0x4, {0x0, 0x0})
	github.com/projectdiscovery/nuclei/v2/pkg/input/input.go:72 +0x68
github.com/projectdiscovery/nuclei/v2/pkg/input.(*Helper).Transform(0x1400053a608?, {0x14002439f50?, 0x1400053a5a8?}, 0x1029abde8?)
	github.com/projectdiscovery/nuclei/v2/pkg/input/input.go:43 +0x88
github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/executer.(*Executer).Execute(0x14001ef83e0, 0x14002449400)
	github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/executer/executer.go:75 +0x298
github.com/projectdiscovery/nuclei/v2/pkg/core.(*Engine).executeModelWithInput.func2.1(0x0?, 0x0?, 0x14002449360)
	github.com/projectdiscovery/nuclei/v2/pkg/core/execute.go:146 +0x148
created by github.com/projectdiscovery/nuclei/v2/pkg/core.(*Engine).executeModelWithInput.func2
	github.com/projectdiscovery/nuclei/v2/pkg/core/execute.go:131 +0x618

[tarunKoyalwar]

@ehsandeep already fixed with https://github.com/projectdiscovery/nuclei/tree/issue-2979-url-panic

echo 'https://~^(.*-pre)\.smth\.google\.com/' | go run . -id tech-detect      

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v2.8.1

		projectdiscovery.io

[INF] Using Nuclei Engine 2.8.1 (latest)
[INF] Using Nuclei Templates 9.3.1 (latest)
[INF] Templates added in last update: 2
[INF] Templates loaded for scan: 1
[INF] Targets loaded for scan: 1
[INF] No results found. Better luck next time!
tarun@Taruns-MacBook-Pro:~/reviews/nuclei/v2/cmd/nuclei(issue-2979-url-panic○) » 

[tarunKoyalwar]

Can't Say why but Earlier go install -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei@issue-2979-url-panic did not install from issue-2979-url-panic branch .

[ehsandeep]

@Teicu @mardinyadegar @pdelteil should be fixed now with the latest release.