Comparing v0.6.0...v0.6.1 · moby/patternmatcher (original) (raw)
Pattern.compile was updating Pattern.matchType in-place. In situations where
the resulting regex failed to compile, it would return early (with an error),
but the matchType was already set.
In that situation, Pattern.match would consider the matchType already
set, skip the p.matchType == unknownMatch condition, and fall through
to trying to use p.regex, which was nil, and resulted in a panic;
journalctl -u docker.service -f
dockerd[423967]: panic: runtime error: invalid memory address or nil pointer dereference
dockerd[423967]: [signal SIGSEGV: segmentation violation code=0x1 addr=0x90 pc=0x557e0f7ebf80]
dockerd[423967]: goroutine 1241 [running]:
dockerd[423967]: regexp.(*Regexp).doExecute(0x557e11b285a0?, {0x0?, 0x0?}, {0x0?, 0x557e11922650?, 0x557e11922650?}, {0xc0009d3db0?, 0xc000061778?}, 0x557e0f6d0d99?, 0x0, ...)
dockerd[423967]: /usr/local/go/src/regexp/exec.go:527 +0x80
dockerd[423967]: regexp.(*Regexp).doMatch(...)
dockerd[423967]: /usr/local/go/src/regexp/exec.go:514
dockerd[423967]: regexp.(*Regexp).MatchString(...)
dockerd[423967]: /usr/local/go/src/regexp/regexp.go:527
dockerd[423967]: github.com/moby/patternmatcher.(*Pattern).match(0x557e11922650?, {0xc0009d3db0, 0x1})
dockerd[423967]: /root/build-deb/engine/vendor/github.com/moby/patternmatcher/patternmatcher.go:334 +0x26b
dockerd[423967]: github.com/moby/patternmatcher.(*PatternMatcher).MatchesOrParentMatches(0xc000d761e0, {0xc0009d3db0, 0x1})
dockerd[423967]: /root/build-deb/engine/vendor/github.com/moby/patternmatcher/patternmatcher.go:142 +0xda
dockerd[423967]: github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb.validateCopySourcePath({0xc0009d3db0, 0x1}, 0xc0000621f8)
dockerd[423967]: /root/build-deb/engine/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert.go:2023 +0x55
dockerd[423967]: github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb.dispatchCopy(_, {{{0xc0009d3dc0, 0x1}, {0xc0009b5d10, 0x1, 0x1}, {0x0, 0x0, 0x0}}, {0x0, ...}, ...})
dockerd[423967]: /root/build-deb/engine/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert.go:1607 +0xd5c
dockerd[423967]: github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb.dispatch(_, {{_, _}, {_, _, _}, _}, {0xc000aab6a0, {0x557e1214c560, 0xc0007b79e0}, ...})
dockerd[423967]: /root/build-deb/engine/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert.go:1004 +0xafb
dockerd[423967]: github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb.toDispatchState({_, _}, {_, _, _}, {{0xc000d5c8d0, {0x0, 0x0}, {0x0, 0x0}, ...}, ...})
dockerd[423967]: /root/build-deb/engine/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert.go:731 +0x3926
dockerd[423967]: github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb.Dockerfile2LLB({_, _}, {_, _, _}, {{0xc000d5c8d0, {0x0, 0x0}, {0x0, 0x0}, ...}, ...})
dockerd[423967]: /root/build-deb/engine/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert.go:90 +0x65
dockerd[423967]: github.com/moby/buildkit/frontend/dockerfile/builder.Build.func6({0x557e121613e0, 0xc000cfd590}, 0x0, 0x557e0f64accb?)
dockerd[423967]: /root/build-deb/engine/vendor/github.com/moby/buildkit/frontend/dockerfile/builder/build.go:136 +0xfe
dockerd[423967]: github.com/moby/buildkit/frontend/dockerui.(*Client).Build.func1()
dockerd[423967]: /root/build-deb/engine/vendor/github.com/moby/buildkit/frontend/dockerui/build.go:39 +0x71
dockerd[423967]: golang.org/x/sync/errgroup.(*Group).Go.func1()
dockerd[423967]: /root/build-deb/engine/vendor/golang.org/x/sync/errgroup/errgroup.go:93 +0x50
dockerd[423967]: created by golang.org/x/sync/errgroup.(*Group).Go in goroutine 1136
dockerd[423967]: /root/build-deb/engine/vendor/golang.org/x/sync/errgroup/errgroup.go:78 +0x95
systemd[1]: docker.service: Main process exited, code=exited, status=2/INVALIDARGUMENT
systemd[1]: docker.service: Failed with result 'exit-code'.This patch:
- updates
Pattern.compileto use a local variable for the intermediate state, and only updatesPattern.matchTypewhen completing successfully. - adds a nil-check in
Pattern.matchas defense-in-depth.
Signed-off-by: Sebastiaan van Stijn github@gone.nl