
Runtime Error with Syft on Singularity .sif file (panic: index out of range) #3390

Open
SaurabhNair96 opened this issue Oct 28, 2024 · 3 comments
Assignees
Labels
bug Something isn't working needs-reproduction missing steps to reproduce or steps have not been confirmed

Comments

@SaurabhNair96

Description: I'm attempting to generate an SBOM for a Singularity file using Syft, but I encounter a runtime error.
Below is my setup and the command I used. I apologize, but due to the proprietary nature of the code I cannot share the .sif file.

Environment:
OS: Windows 10 running a virtual Ubuntu 24.04.1
Syft version: 1.14.1

Steps taken:

  1. Running the tool directly on the .sif file:
     syft scan singularity:/mnt/shareee/siffiles/[FILE].sif -o cyclonedx-json > sbom-output.json

Error:
panic: runtime error: index out of range [512] with length 512

running syft scan singularity:/mnt/shareee/siffiles/[FILE].sif -o cyclonedx-json > sbom-output.json -vv
returns

panic: runtime error: index out of range [512] with length 512

goroutine 52 [running]:
github.com/sylabs/squashfs/low.(*Reader).fragEntry(0xc000162000, 0x16abf80?)
/home/runner/go/pkg/mod/github.com/sylabs/[email protected]/low/reader.go:162 +0x4d3
github.com/sylabs/squashfs/low.(*FileBase).GetRegFileReaders.func1()
/home/runner/go/pkg/mod/github.com/sylabs/[email protected]/low/file_base.go:110 +0x39
github.com/sylabs/squashfs/low.(*FileBase).GetRegFileReaders(0x53?, 0xc000162000)
/home/runner/go/pkg/mod/github.com/sylabs/[email protected]/low/file_base.go:120 +0x67e
github.com/sylabs/squashfs.(*File).initializeReaders(...)
/home/runner/go/pkg/mod/github.com/sylabs/[email protected]/file.go:176
github.com/sylabs/squashfs.(*File).Read(0xc001e28180, {0xc001378000, 0xc00, 0xc00})
/home/runner/go/pkg/mod/github.com/sylabs/[email protected]/file.go:103 +0x5c
github.com/anchore/stereoscope/pkg/file.(*sizer).Read(0xc0016ab248, {0xc001378000?, 0xc0004aa0e8?, 0x458849?})
/home/runner/go/pkg/mod/github.com/anchore/[email protected]/pkg/file/mime_type.go:41 +0x28
io.ReadAtLeast({0x1fafbc0, 0xc0016ab248}, {0xc001378000, 0xc00, 0xc00}, 0xc00)
/opt/hostedtoolcache/go/1.22.8/x64/src/io/io.go:335 +0x90
io.ReadFull(...)
/opt/hostedtoolcache/go/1.22.8/x64/src/io/io.go:354
github.com/gabriel-vasile/mimetype.DetectReader({0x1fafbc0, 0xc0016ab248})
/home/runner/go/pkg/mod/github.com/gabriel-vasile/[email protected]/mimetype.go:61 +0xe5
github.com/anchore/stereoscope/pkg/file.MIMEType({0x1fafbe0, 0xc001e28180})
/home/runner/go/pkg/mod/github.com/anchore/[email protected]/pkg/file/mime_type.go:21 +0x85
github.com/anchore/stereoscope/pkg/file.NewMetadataFromSquashFSFile({0xc001449f60, 0x1b}, 0xc001e28180)
/home/runner/go/pkg/mod/github.com/anchore/[email protected]/pkg/file/metadata.go:118 +0x475
github.com/anchore/stereoscope/pkg/image.(*Layer).readSingularityImageLayer.squashfsVisitor.func1({0x1fafba0?, 0xc0001a0de0?}, {0xc0001fc150, 0x6f}, {0xc001449f60, 0x1b})
/home/runner/go/pkg/mod/github.com/anchore/[email protected]/pkg/image/layer.go:331 +0x16b
github.com/anchore/stereoscope/pkg/file.WalkSquashFS.walkDir.func1({0xc001449f60?, 0x0?}, {0x0?, 0x0?}, {0x0?, 0x0?})
/home/runner/go/pkg/mod/github.com/anchore/[email protected]/pkg/file/squashfs_walk.go:47 +0x57
io/fs.walkDir({0x1fafba0, 0xc0001a0de0}, {0xc001449f60, 0x1b}, {0x1fbe920, 0xc0002eac20}, 0xc0004aa9d8)
/opt/hostedtoolcache/go/1.22.8/x64/src/io/fs/walk.go:73 +0x6c
io/fs.walkDir({0x1fafba0, 0xc0001a0de0}, {0xc0008abea8, 0x11}, {0x1fbe920, 0xc0003d0000}, 0xc0004aa9d8)
/opt/hostedtoolcache/go/1.22.8/x64/src/io/fs/walk.go:95 +0x2bf
io/fs.walkDir({0x1fafba0, 0xc0001a0de0}, {0xc00047ca67, 0x7}, {0x1fbe920, 0xc00068a190}, 0xc0004aa9d8)
/opt/hostedtoolcache/go/1.22.8/x64/src/io/fs/walk.go:95 +0x2bf
io/fs.walkDir({0x1fafba0, 0xc0001a0de0}, {0xc000682d5a, 0x3}, {0x1fbe920, 0xc0001a0120}, 0xc0004aa9d8)
/opt/hostedtoolcache/go/1.22.8/x64/src/io/fs/walk.go:95 +0x2bf
io/fs.walkDir({0x1fafba0, 0xc0001a0de0}, {0x1f9ef28, 0x1}, {0x1fbe920, 0xc0001a0e00}, 0xc0004aa9d8)
/opt/hostedtoolcache/go/1.22.8/x64/src/io/fs/walk.go:95 +0x2bf
io/fs.WalkDir({0x1fafba0, 0xc0001a0de0}, {0x1f9ef28, 0x1}, 0xc0006529d8)
/opt/hostedtoolcache/go/1.22.8/x64/src/io/fs/walk.go:122 +0xa5
github.com/anchore/stereoscope/pkg/file.WalkSquashFS({0xc0001fc150, 0x6f}, 0xc000652ae0)
/home/runner/go/pkg/mod/github.com/anchore/[email protected]/pkg/file/squashfs_walk.go:37 +0x138
github.com/anchore/stereoscope/pkg/image.(*Layer).readSingularityImageLayer(0xc0005a26c0, 0xc000100008?, {0xc00009a090, 0x27}, 0xc0000c81c8)
/home/runner/go/pkg/mod/github.com/anchore/[email protected]/pkg/image/layer.go:167 +0x399
github.com/anchore/stereoscope/pkg/image.(*Layer).Read(0xc0005a26c0, 0xc0000d2f90, 0x0, {0xc00009a090, 0x27})
/home/runner/go/pkg/mod/github.com/anchore/[email protected]/pkg/image/layer.go:106 +0x149
github.com/anchore/stereoscope/pkg/image.(*Image).Read(0xc000260008)
/home/runner/go/pkg/mod/github.com/anchore/[email protected]/pkg/image/image.go:227 +0x6e5
github.com/anchore/stereoscope/pkg/image/sif.(*singularityImageProvider).Provide(0xc0001ad0b0, {0xc000149800?, 0x15ad15c?})
/home/runner/go/pkg/mod/github.com/anchore/[email protected]/pkg/image/sif/archive_provider.go:61 +0x249
github.com/anchore/syft/syft/source/stereoscopesource.stereoscopeImageSourceProvider.Provide({{0x1fb6740, 0xc0001ad0b0}, {{{0x7ffeb43bb0d4, 0x27}, 0x0, {0x0, 0x0, {...}, {...}, {...}}}, ...}}, ...)
/home/runner/work/syft/syft/syft/source/stereoscopesource/image_source_provider.go:32 +0xb3
github.com/anchore/syft/syft.GetSource({0x1fbe798, 0xc000692410}, {0x7ffeb43bb0d4, 0x27}, 0xc000149a40?)
/home/runner/work/syft/syft/syft/get_source.go:29 +0x1b8
github.com/anchore/syft/cmd/syft/internal/commands.getSource({0x1fbe798, 0xc000692410}, 0xc000004440, {0x7ffeb43bb0d4, 0x27}, {0xc0002eb880, 0x1, 0x1})
/home/runner/work/syft/syft/cmd/syft/internal/commands/scan.go:248 +0x63b
github.com/anchore/syft/cmd/syft/internal/commands.runScan({0x1fbe798, 0xc000692410}, {{0x19a1e1d, 0x4}, {0x1fa61ac, 0x6}, {0x1fbae60, 0x28}, {0x1fa7e20, 0x7}, ...}, ...)
/home/runner/work/syft/syft/cmd/syft/internal/commands/scan.go:185 +0x27d
github.com/anchore/syft/cmd/syft/internal/commands.Scan.func1(0xc0000ccc08, {0xc00038a300, 0x1, 0x0?})
/home/runner/work/syft/syft/cmd/syft/internal/commands/scan.go:102 +0xe6
github.com/anchore/clio.(*application).setupCommand.(*application).WrapRunE.func2.1(0x0?, {0xc00038a300?, 0x0?, 0x0?})
/home/runner/go/pkg/mod/github.com/anchore/[email protected]/application.go:146 +0x9e
github.com/anchore/clio.async.func1()
/home/runner/go/pkg/mod/github.com/anchore/[email protected]/application.go:344 +0x6a
created by github.com/anchore/clio.async in goroutine 1
/home/runner/go/pkg/mod/github.com/anchore/[email protected]/application.go:342 +0xc5

I was wondering if you would have some insight into how I can circumvent the issue. Thank you in advance.

@SaurabhNair96 SaurabhNair96 added the bug Something isn't working label Oct 28, 2024
@willmurphyscode
Contributor

Hi @SaurabhNair96! Thanks for the issue!

It looks like this panic is happening here: https://github.com/sylabs/squashfs/blob/3afc631a963a045b6863f2b3ceddcb0d969cac99/low/reader.go#L162

Syft (via Stereoscope) already depends on the latest version of that library, so this might require an upstream fix in that library (cc @tri-adam).

I don't have any suggestions as a workaround right now - it looks like you're using Syft correctly and we're hitting a bug parsing the SIF image.

It would be helpful if there were a link to a publicly available artifact that causes this issue. @SaurabhNair96 is there a link you're able to share?

Dev notes:

https://github.com/sylabs/squashfs/blob/3afc631a963a045b6863f2b3ceddcb0d969cac99/low/reader.go#L123-L163

This panics at the last line, apparently because i is one higher than expected (index 512 in length 512).
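An added illustration of the defect class the trace shows (an index equal to the slice length), written in Go for this thread; it is not code from Syft, Stereoscope or sylabs/squashfs. The entry layout, the split into fixed blocks of 512 entries (assumed from "length 512"), and all names are constructed; the point is that a tool reading untrusted images should turn an out-of-range lookup into an error and contain any remaining panic per input rather than abort the whole scan.

```go
package main

import "fmt"

// fragEntry is a constructed stand-in for a fragment-table entry, not the sylabs type.
type fragEntry struct{ Start, Size uint64 }

// entriesPerBlock is assumed from the trace's "length 512": a table of fixed blocks of 512 entries.
const entriesPerBlock = 512

// buildTable constructs n full blocks of synthetic entries (test data only).
func buildTable(n int) [][]fragEntry {
	table := make([][]fragEntry, n)
	for b := range table {
		table[b] = make([]fragEntry, entriesPerBlock)
		for i := range table[b] {
			table[b][i] = fragEntry{Start: uint64(b*entriesPerBlock+i) * 4096, Size: 4096}
		}
	}
	return table
}

// lookupFragEntry maps a global fragment index to (block, offset) and returns
// an error rather than panicking when either part is out of range.
func lookupFragEntry(table [][]fragEntry, idx uint32) (fragEntry, error) {
	blk, off := int(idx/entriesPerBlock), int(idx%entriesPerBlock)
	if blk >= len(table) || off >= len(table[blk]) {
		return fragEntry{}, fmt.Errorf("fragment index %d out of range (%d blocks)", idx, len(table))
	}
	return table[blk][off], nil
}

// buggyLookup shows the failure class: block[idx] on a 512-entry block panics exactly when idx == 512.
func buggyLookup(block []fragEntry, idx uint32) fragEntry { return block[idx] }

// readWithRecover turns a parser panic into an error so one malformed image fails alone, not the whole scan.
func readWithRecover(fn func() error) (err error) {
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("parser panic: %v", r)
		}
	}()
	return fn()
}

func main() {
	table := buildTable(2)
	fmt.Println(lookupFragEntry(table, 512)) // {2097152 4096} <nil>: first entry of block 1
	fmt.Println(readWithRecover(func() error { buggyLookup(table[0], 512); return nil }))
}
```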

@SaurabhNair96
Author

Hi @willmurphyscode, thanks for the response!
I don't think we have a publicly available version of the sif file that we can share, but we can definitely share the requirements file for the sif image. Would it be possible for you to create the image based on this requirements file for debugging purposes?
requirements.txt

Thank you very much in advance and looking forward!

@willmurphyscode willmurphyscode self-assigned this Nov 4, 2024
@willmurphyscode willmurphyscode added the needs-reproduction missing steps to reproduce or steps have not been confirmed label Nov 4, 2024
@willmurphyscode
Contributor

@SaurabhNair96 thanks for the requirements.txt, but I haven't been able to reproduce the issue from that, because I don't know how you're going from a requirements.txt file to a singularity image. Can you tell me about how you are going from requirements.txt to a singularity image? Syft doesn't panic scanning the singularity images I have, and I don't have access to your image, so anything you could tell me about your build process would help us understand the bug here.

Thanks very much!
