Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bug: strconv.ParseInt fails to correctly parse swap/root device with "0X" prefix (e.g., "0XD") #3536

Open
brnpl opened this issue Dec 18, 2024 · 1 comment
Open

Bug: strconv.ParseInt fails to correctly parse swap/root device with "0X" prefix (e.g., "0XD") #3536

brnpl opened this issue Dec 18, 2024 · 1 comment
Labels
bug Something isn't working

Comments

@brnpl
Copy link

brnpl commented Dec 18, 2024

What happened:
The strconv.ParseInt function is unable to correctly parse hexadecimal numbers when the input string contains "0XD" because it interprets the entire string, including the "0X" prefix, as part of the value. As a result, it throws the error: strconv.ParseInt: parsing "0XD": invalid syntax. This issue occurs because ParseInt expects a valid hexadecimal string, but "0XD" is not a valid representation when processed directly.

What you expected to happen:
I expected the parseLinuxKernelMetadata function to correctly parse the hexadecimal value after the "0X" prefix, so that "0XD" would be interpreted as "D" (hexadecimal for 13), resulting in a valid integer value.

Source: syft/pkg/cataloger/kernel/parse_linux_kernel_file.go

Steps to reproduce the issue:

  1. Have a vmlinuz file in the file system with swap_dev 0XD (or any other valid hex value);
  2. The error strconv.ParseInt: parsing "0XD": invalid syntax will be thrown;

Output example:

$ sudo syft /boot
 ✔ Indexed file system                                                                                                                                                                                                        /boot
 ✔ Cataloged contents                                                                                                                                              347a1e2537cc7aea90a4938443f967a544ea0e3f60fdc4cb45c3347a3df94bc9
   ├── ✔ Packages                        [3 packages]  
   ├── ✔ File digests                    [3 files]  
   ├── ✔ File metadata                   [3 locations]  
   └── ✔ Executables                     [13 executables]  
[0000]  WARN no explicit name and version provided for directory source, deriving artifact ID from the given path (which is not ideal)
[0001]  WARN unable to parse swap device: strconv.ParseInt: parsing "0XE": invalid syntax
[0001]  WARN unable to parse swap device: strconv.ParseInt: parsing "0XD": invalid syntax
[0001]  WARN unable to parse swap device: strconv.ParseInt: parsing "0XE": invalid syntax
[0001]  WARN unable to parse swap device: strconv.ParseInt: parsing "0XE": invalid syntax
NAME          VERSION           TYPE           
linux-kernel  xx-generic  linux-kernel    
linux-kernel  xx-generic  linux-kernel    
linux-kernel  xx-generic  linux-kernel

Anything else we need to know?:
The Test_KernelCataloger function fails to account for the correct parsed value of the swap and root devices, as it expects both values to be 0 rather than the actual parsed value.

Source: syft/pkg/cataloger/kernel/cataloger_test.go

Environment:

  • Output of syft version:
 syft version
Application: syft
Version:    1.18.1
BuildDate:  2024-12-13T18:41:10Z
GitCommit:  5e16e5031a13f8a11057feb8544decebfc43b4ed
GitDescription: v1.18.1
Platform:   linux/amd64
GoVersion:  go1.23.4
Compiler:   gc
  • OS (e.g: cat /etc/os-release or similar):
PRETTY_NAME="Ubuntu 22.04.5 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.5 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=jammy
@brnpl brnpl added the bug Something isn't working label Dec 18, 2024
@popey
Copy link
Contributor

popey commented Dec 18, 2024

Hi @brnpl - thanks so much for the issue, details, and the steps to reproduce it.

I've been able to reproduce it here on my 24.04 system.

sudo syft /boot
 ✔ Indexed file system /boot
 ✔ Cataloged contents 347a1e2537cc7aea90a4938443f967a544ea0e3f60fdc4cb45c3347a3df94bc9
   ├── ✔ Packages                        [3 packages]
   ├── ✔ File digests                    [3 files]
   ├── ✔ File metadata                   [3 locations]
   └── ✔ Executables                     [14 executables]
[0000]  WARN no explicit name and version provided for directory source, deriving artifact ID from the given path (which is not ideal)
[0001]  WARN unable to parse swap device: strconv.ParseInt: parsing "0XE": invalid syntax
[0001]  WARN unable to parse swap device: strconv.ParseInt: parsing "0XE": invalid syntax
[0001]  WARN unable to parse swap device: strconv.ParseInt: parsing "0XE": invalid syntax
[0001]  WARN unable to parse swap device: strconv.ParseInt: parsing "0XE": invalid syntax
NAME          VERSION           TYPE
linux-kernel  6.8.0-1017-oem    linux-kernel
linux-kernel  6.8.0-1019-oem    linux-kernel
linux-kernel  6.8.0-51-generic  linux-kernel

We'll take a look at this.

Welcome to our community! Here are some links to help on your journey.

-- Alan Pope - Director, Developer Relations. Anchore

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
OSS
Status: No status
Milestone
No milestone
Development

No branches or pull requests
2 participants
@popey @brnpl