Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[BUG] #1968

Closed
secsys-go opened this issue Sep 17, 2022 · 1 comment
Closed

[BUG] #1968

secsys-go opened this issue Sep 17, 2022 · 1 comment
Assignees

Comments

@secsys-go
Copy link
Contributor

Describe the bug
We used the Fuzz engine to modify some Test(TestUseRouterParentDisallow) data, and then the following crash appeared. We hope to get the help of the developer to confirm whether it is a real bug.

To Reproduce

	const expectedResponse = "no_userouter_allowed"
	app := iris.New()
	app.UseRouter(func(ctx iris.Context) {
		ctx.WriteString("always")
		ctx.Next()
	})
	app.Get("/index", func(ctx iris.Context) {
		ctx.WriteString(expectedResponse)
	})

	app.SetPartyMatcher(func(ctx iris.Context, p iris.Party) bool {
		// modifies the PartyMatcher to not match any UseRouter,
		// tests should receive the handlers response alone.
		return false
	})

	var1 := "0"
	app.PartyFunc(var1, func(p iris.Party) { // it's the same instance of app.
		p.UseRouter(func(ctx iris.Context) {
			ctx.WriteString("_2")
			ctx.Next()
		})
		p.Get("/", func(ctx iris.Context) {
			ctx.WriteString(expectedResponse)
		})
	})

	var2 := "0\\\\\\0"
	app.PartyFunc(var2, func(p iris.Party) {
		p.UseRouter(func(ctx iris.Context) {
			ctx.WriteString("_3")
			ctx.Next()
		})

		p.Get("/", func(ctx iris.Context) {
			ctx.WriteString(expectedResponse)
		})
	})

	httptest.New(t, app)

Crash log

panic: runtime error: index out of range [0] with length 0 [recovered]
	panic: runtime error: index out of range [0] with length 0

goroutine 70 [running]:
testing.tRunner.func1.2({0xd2dae0, 0xc000037080})
	/home/zjx/.local/go/src/testing/testing.go:1211 +0x24e
testing.tRunner.func1()
	/home/zjx/.local/go/src/testing/testing.go:1214 +0x218
panic({0xd2dae0, 0xc000037080})
	/home/zjx/.local/go/src/runtime/panic.go:1038 +0x215
github.com/kataras/iris/v12/core/router.(*trie).insert(0xc00070a040, {0xc0003c7e7a, 0x5}, {0xf1b9a0, 0xc00000cd20}, {0xc0001a2a20, 0x1, 0x1})
	/home/zjx/workspace/gowork/src/purelib/iris/core/router/trie.go:124 +0x745
github.com/kataras/iris/v12/core/router.(*routerHandler).AddRoute(0xc0001a5f80, 0xc00000cd20)
	/home/zjx/workspace/gowork/src/purelib/iris/core/router/handler.go:122 +0x29f
github.com/kataras/iris/v12/core/router.(*routerHandler).Build(0xc0001a5f80, {0xf05570, 0xc000153e60})
	/home/zjx/workspace/gowork/src/purelib/iris/core/router/handler.go:234 +0x2f2
github.com/kataras/iris/v12/core/router.(*Router).BuildRouter(0xc0001a5ce0, 0xc0001a29b8, {0xf055a8, 0xc0001a5f80}, {0xf05570, 0xc000153e60}, 0x0)
	/home/zjx/workspace/gowork/src/purelib/iris/core/router/router.go:188 +0xbf
github.com/kataras/iris/v12.(*Application).Build(0xc000220000)
	/home/zjx/workspace/gowork/src/purelib/iris/iris.go:748 +0x72c
github.com/kataras/iris/v12/httptest.New(0xc000501ba0, 0xc000220000, {0x0, 0x0, 0xd85c40})
	/home/zjx/workspace/gowork/src/purelib/iris/httptest/httptest.go:118 +0xc5
github.com/kataras/iris/v12/core/router_test.FuzzTestUseRouterParentDisallow({0xc0001ee000, 0x5, 0x200})
	/home/zjx/workspace/gowork/src/purelib/iris/core/router/router_handlers_order_test.go_TestUseRouterParentDisallow_test.go:117 +0x1d2

Desktop:

  • OS: Linux r920 4.15.0-159-generic #167-Ubuntu

iris.Version

  • e.g. commit 9e8a58b (HEAD -> master, origin/master, origin/HEAD)
kataras added a commit that referenced this issue Sep 17, 2022
@kataras
Copy link
Owner

kataras commented Sep 17, 2022

Hello @secsys-go, fetch the latest @master version and try again, here is the test:

main.go

package main

import "github.com/kataras/iris/v12"

func main() {
	// app := iris.New()
	// app.Get("/test/{p:string eqor([:,*])}", func(ctx iris.Context) {
	// 	ctx.Writef("Hi, %s", ctx.Params().Get("p"))
	// })

	app := newApp()
	app.Listen(":8080")
}

const expectedResponse = "no_userouter_allowed"

func newApp() *iris.Application {
	app := iris.New()

	app.UseRouter(func(ctx iris.Context) {
		ctx.WriteString("always")
		ctx.Next()
	})
	app.Get("/index", func(ctx iris.Context) {
		ctx.WriteString(expectedResponse)
	})

	app.SetPartyMatcher(func(ctx iris.Context, p iris.Party) bool {
		// modifies the PartyMatcher to not match any UseRouter,
		// tests should receive the handlers response alone.
		return false
	})

	var1 := "\\"
	app.PartyFunc(var1, func(p iris.Party) { // it's the same instance of app.
		p.UseRouter(func(ctx iris.Context) {
			ctx.WriteString("_2")
			ctx.Next()
		})
		p.Get("/", func(ctx iris.Context) {
			ctx.WriteString(expectedResponse)
		})
	})

	var2 := "*\\*\\*"
	app.PartyFunc(var2, func(p iris.Party) {
		p.UseRouter(func(ctx iris.Context) {
			ctx.WriteString("_3")
			ctx.Next()
		})

		p.Get("/", func(ctx iris.Context) {
			ctx.WriteString(expectedResponse)
		})
	})

	return app
}

main_test.go

package main

import (
	"testing"

	"github.com/kataras/iris/v12/httptest"
)

func TestIssue(t *testing.T) {
	app := newApp()

	e := httptest.New(t, app)

	e.GET("/").Expect().Status(httptest.StatusOK).Body().Equal(expectedResponse)
	e.GET("/user").Expect().Status(httptest.StatusNotFound)
	e.GET("/*/*/*").Expect().Status(httptest.StatusOK).Body().Equal(expectedResponse)
	// e.GET("/*/*/anything").Expect().Status(httptest.StatusNotFound)
}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants