Prevent panic in generator on --linux-seccomp-only and --os options combination. #787

@grey3228

Hello!

I found a potential nil pointer dereference in the master branch (commit 0ea5ed0382a279b30530acccafaf070fefeddafd) using the SAST tool Svace.
In particular, in generate/generate.go, in the method (*Generator).Save, the pointer g.Config.Linux may be nil. If the method argument exportOpts.Seccomp=true, then in the condition body

	if exportOpts.Seccomp {
		data, err = json.MarshalIndent(g.Config.Linux.Seccomp, "", "\t")
	} ...

a dereference of the nil pointer g.Config.Linux may occur.

I decided to test empirically whether we can really trigger such an error. I executed:

	root@a-gui:~/runtime-tools# oci-runtime-tool generate -os=windows  -linux-seccomp-only=true    > config.json
	panic: runtime error: invalid memory address or nil pointer dereference
	[signal SIGSEGV: segmentation violation code=0x1 addr=0x80 pc=0x54518c]
	goroutine 1 [running]:
	github.com/opencontainers/runtime-tools/generate.(*Generator).Save(0x8b1bb9?, {0x9543e0, 0xc000086038}, {0x25?})
	        /root/runtime-tools/generate/generate.go:353 +0xac
	main.init.func1(0xc0000a0a00)
	        /root/runtime-tools/cmd/oci-runtime-tool/generate.go:189 +0x15a
	github.com/urfave/cli.HandleAction({0x81a900?, 0x8d4ae8?}, 0x8?)
	        /root/runtime-tools/vendor/github.com/urfave/cli/app.go:485 +0x50
	github.com/urfave/cli.Command.Run({{0x8acb70, 0x8}, {0x0, 0x0}, {0x0, 0x0, 0x0}, {0x8b5f60, 0x19}, {0x0, ...}, ...}, ...)
	        /root/runtime-tools/vendor/github.com/urfave/cli/command.go:193 +0x953
	github.com/urfave/cli.(*App).Run(0xc00009aea0, {0xc0000a40c0, 0x4, 0x4})
	        /root/runtime-tools/vendor/github.com/urfave/cli/app.go:250 +0xbdb
	main.main()

While the combination of --os=windows and --linux-seccomp-only=true might be unusual, the runtime shouldn't panic in this case.

Would it be better to modify the mentioned condition to check both g.Config.Linux and exportOpts.Seccomp? Like below:

	if g.Config.Linux != nil && exportOpts.Seccomp {
		data, err = json.MarshalIndent(g.Config.Linux.Seccomp, "", "\t")
	} ...

Thank you for your time and consideration!
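
The failure mode reported above, as an added stand-alone example that is not code from the issue or from runtime-tools: the types, `saveUnguarded`, `saveGuarded`, `panics` and `ErrNoLinux` are hypothetical simplified stand-ins. The guarded variant returns an error for the contradictory flag combination, which is one possible handling and not the exact condition proposed in the issue.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// Simplified stand-ins for the spec types (assumption, not the project's definitions).
type Seccomp struct {
	DefaultAction string `json:"defaultAction"`
}
type Linux struct {
	Seccomp *Seccomp `json:"seccomp,omitempty"`
}
type Spec struct {
	Linux *Linux `json:"linux,omitempty"` // nil when the config has no Linux section
}

var ErrNoLinux = errors.New("seccomp-only export requested but config has no linux section")

// saveUnguarded has the shape of the condition quoted in the issue.
func saveUnguarded(c *Spec, seccompOnly bool) ([]byte, error) {
	if seccompOnly {
		return json.MarshalIndent(c.Linux.Seccomp, "", "\t") // panics if c.Linux == nil
	}
	return json.MarshalIndent(c, "", "\t")
}

// saveGuarded checks the optional section before dereferencing it.
func saveGuarded(c *Spec, seccompOnly bool) ([]byte, error) {
	if seccompOnly {
		if c.Linux == nil {
			return nil, ErrNoLinux
		}
		return json.MarshalIndent(c.Linux.Seccomp, "", "\t")
	}
	return json.MarshalIndent(c, "", "\t")
}

// panics reports whether f panicked, so the crash is observable without killing the process.
func panics(f func()) (p bool) {
	defer func() { p = recover() != nil }()
	f()
	return false
}

func main() {
	win := &Spec{} // constructed sample: a config without a Linux section
	fmt.Println("unguarded panics:", panics(func() { saveUnguarded(win, true) }))
	_, err := saveGuarded(win, true)
	fmt.Println("guarded error:", err)
}
```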
