[GH-ISSUE #39] Panic: goodhosts does not check slice length during removal #13

New issue

Closed

opened 2026-03-02 05:08:07 +03:00 by kerem · 6 comments

kerem commented 2026-03-02 05:08:07 +03:00

Owner

Copy link

Originally created by @yunginnanet on GitHub (May 18, 2022).
Original GitHub issue: https://github.com/goodhosts/hostsfile/issues/39

Mind you, these entries were found in the wild with bone stock Proxmox installs. This was while using the remove command.

goodhosts/cli Command

hosts r ff00::0

Version[s] reproduced with

(Using goodhosts/cli in all cases)

• Vendored copy that comes with goodhosts/cli
• Latest release
• Main branch

Excerpt of problematic IPv6 entries:

(ignore first line, it's only for context)

[::1 ip6-localhost ip6-loopback]
fe00::0 
ff00::0 
ff02::1 
ff02::2 
ff02::3 

Stack Trace:

removing ip ff00::0
panic: runtime error: slice bounds out of range [5:3]

goroutine 1 [running]:
github.com/goodhosts/hostsfile.(*Hosts).removeByPosition(...)
	/home/kayos/go/pkg/mod/github.com/goodhosts/hostsfile@v0.1.1/hosts.go:390
github.com/goodhosts/hostsfile.(*Hosts).RemoveByIp(0xc0002f0770, {0x7fff5401b761?, 0x660254?})
	/home/kayos/go/pkg/mod/github.com/goodhosts/hostsfile@v0.1.1/hosts.go:282 +0x1ff
github.com/goodhosts/cli/cmd.processSingleArg(0xc00029fae8?, {0x7fff5401b761, 0x7})
	/home/kayos/Workshop/goodhosts/cli/cmd/remove.go:97 +0xa9
github.com/goodhosts/cli/cmd.remove(0xc0002ee500)
	/home/kayos/Workshop/goodhosts/cli/cmd/remove.go:45 +0x145
github.com/urfave/cli/v2.(*Command).Run(0xc0001aab40, 0xc0002ee340)
	/home/kayos/go/pkg/mod/github.com/urfave/cli/v2@v2.6.0/command.go:163 +0x5bb
github.com/urfave/cli/v2.(*App).RunContext(0xc0001a4d00, {0x6c90d8?, 0xc0000140b0}, {0xc000010180, 0x3, 0x3})
	/home/kayos/go/pkg/mod/github.com/urfave/cli/v2@v2.6.0/app.go:313 +0xb48
github.com/urfave/cli/v2.(*App).Run(...)
	/home/kayos/go/pkg/mod/github.com/urfave/cli/v2@v2.6.0/app.go:224
main.main()
	/home/kayos/Workshop/goodhosts/cli/main.go:59 +0x414

Other Thoughts

I started trying to trace this out but I'm not sure exactly where to fix this yet. I'll try to take a look when I have more time.

Originally created by @yunginnanet on GitHub (May 18, 2022). Original GitHub issue: https://github.com/goodhosts/hostsfile/issues/39 Mind you, these entries were found in the wild with bone stock Proxmox installs. This was while using the **remove** command. ### [goodhosts/cli](https://github.com/goodhosts/cli) Command `hosts r ff00::0` ### Version[s] reproduced with _(Using [goodhosts/cli](https://github.com/goodhosts/cli) in all cases)_ - [x] Vendored copy that comes with [goodhosts/cli](https://github.com/goodhosts/cli) - [x] Latest release - [x] Main branch ### Excerpt of problematic IPv6 entries: (ignore first line, it's only for context) ``` [::1 ip6-localhost ip6-loopback] fe00::0 ff00::0 ff02::1 ff02::2 ff02::3 ``` ### Stack Trace: ``` removing ip ff00::0 panic: runtime error: slice bounds out of range [5:3] goroutine 1 [running]: github.com/goodhosts/hostsfile.(*Hosts).removeByPosition(...) /home/kayos/go/pkg/mod/github.com/goodhosts/hostsfile@v0.1.1/hosts.go:390 github.com/goodhosts/hostsfile.(*Hosts).RemoveByIp(0xc0002f0770, {0x7fff5401b761?, 0x660254?}) /home/kayos/go/pkg/mod/github.com/goodhosts/hostsfile@v0.1.1/hosts.go:282 +0x1ff github.com/goodhosts/cli/cmd.processSingleArg(0xc00029fae8?, {0x7fff5401b761, 0x7}) /home/kayos/Workshop/goodhosts/cli/cmd/remove.go:97 +0xa9 github.com/goodhosts/cli/cmd.remove(0xc0002ee500) /home/kayos/Workshop/goodhosts/cli/cmd/remove.go:45 +0x145 github.com/urfave/cli/v2.(*Command).Run(0xc0001aab40, 0xc0002ee340) /home/kayos/go/pkg/mod/github.com/urfave/cli/v2@v2.6.0/command.go:163 +0x5bb github.com/urfave/cli/v2.(*App).RunContext(0xc0001a4d00, {0x6c90d8?, 0xc0000140b0}, {0xc000010180, 0x3, 0x3}) /home/kayos/go/pkg/mod/github.com/urfave/cli/v2@v2.6.0/app.go:313 +0xb48 github.com/urfave/cli/v2.(*App).Run(...) /home/kayos/go/pkg/mod/github.com/urfave/cli/v2@v2.6.0/app.go:224 main.main() /home/kayos/Workshop/goodhosts/cli/main.go:59 +0x414 ``` ### Other Thoughts I started trying to trace this out but I'm not sure exactly where to fix this yet. I'll try to take a look when I have more time.

kerem closed this issue 2026-03-02 05:08:07 +03:00

kerem commented 2026-03-02 05:08:07 +03:00

Author

Owner

Copy link

@yunginnanet commented on GitHub (May 18, 2022):

Actually upon further consideration I believe this is an issue with the cli tool, not this package.

That being said, panics should likely prevented even among misuse of the API. Reopening for this reason.

<!-- gh-comment-id:1129572216 --> @yunginnanet commented on GitHub (May 18, 2022): Actually upon further consideration I believe this is an issue with the cli tool, not this package. That being said, panics should likely prevented even among misuse of the API. Reopening for this reason.

kerem commented 2026-03-02 05:08:08 +03:00

Author

Owner

Copy link

@rfay commented on GitHub (Apr 6, 2023):

I see what I think is the same panic with this package and the attached (pristine) /etc/hosts on macOS:

panic: runtime error: index out of range [6] with length 4

goroutine 1 [running]:
github.com/goodhosts/hostsfile.(*Hosts).Add(0x140003264d0, {0x16eff7b14, 0x9}, {0x14000460fe0?, 0x1, 0x1})
	/Users/rfay/workspace/ddev/vendor/github.com/goodhosts/hostsfile/hosts.go:167 +0x3ec
github.com/ddev/ddev/pkg/ddevapp.AddHostEntry({0x16eff7b06, 0xd}, {0x16eff7b14, 0x9})
	/Users/rfay/workspace/ddev/pkg/ddevapp/hostname_mgt.go:140 +0xd4
github.com/ddev/ddev/cmd/ddev/cmd.glob..func30(0x1019e66c0?, {0x14000066600?, 0x2, 0x2})
	/Users/rfay/workspace/ddev/cmd/ddev/cmd/hostname.go:74 +0x20c
github.com/spf13/cobra.(*Command).execute(0x1019e66c0, {0x140000665a0, 0x2, 0x2})
	/Users/rfay/workspace/ddev/vendor/github.com/spf13/cobra/command.go:860 +0x4ac
github.com/spf13/cobra.(*Command).ExecuteC(0x1019e98c0)
	/Users/rfay/workspace/ddev/vendor/github.com/spf13/cobra/command.go:974 +0x354
github.com/spf13/cobra.(*Command).Execute(...)
	/Users/rfay/workspace/ddev/vendor/github.com/spf13/cobra/command.go:902
github.com/ddev/ddev/cmd/ddev/cmd.Execute()
	/Users/rfay/workspace/ddev/cmd/ddev/cmd/root.go:143 +0x40
main.main()
	/Users/rfay/workspace/ddev/cmd/ddev/main.go:20 +0xac

##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting.  Do not change this entry.
##
127.0.0.1	localhost
255.255.255.255	broadcasthost
::1             localhost

<!-- gh-comment-id:1499238728 --> @rfay commented on GitHub (Apr 6, 2023): I see what I think is the same panic with this package and the attached (pristine) /etc/hosts on macOS: ``` panic: runtime error: index out of range [6] with length 4 goroutine 1 [running]: github.com/goodhosts/hostsfile.(*Hosts).Add(0x140003264d0, {0x16eff7b14, 0x9}, {0x14000460fe0?, 0x1, 0x1}) /Users/rfay/workspace/ddev/vendor/github.com/goodhosts/hostsfile/hosts.go:167 +0x3ec github.com/ddev/ddev/pkg/ddevapp.AddHostEntry({0x16eff7b06, 0xd}, {0x16eff7b14, 0x9}) /Users/rfay/workspace/ddev/pkg/ddevapp/hostname_mgt.go:140 +0xd4 github.com/ddev/ddev/cmd/ddev/cmd.glob..func30(0x1019e66c0?, {0x14000066600?, 0x2, 0x2}) /Users/rfay/workspace/ddev/cmd/ddev/cmd/hostname.go:74 +0x20c github.com/spf13/cobra.(*Command).execute(0x1019e66c0, {0x140000665a0, 0x2, 0x2}) /Users/rfay/workspace/ddev/vendor/github.com/spf13/cobra/command.go:860 +0x4ac github.com/spf13/cobra.(*Command).ExecuteC(0x1019e98c0) /Users/rfay/workspace/ddev/vendor/github.com/spf13/cobra/command.go:974 +0x354 github.com/spf13/cobra.(*Command).Execute(...) /Users/rfay/workspace/ddev/vendor/github.com/spf13/cobra/command.go:902 github.com/ddev/ddev/cmd/ddev/cmd.Execute() /Users/rfay/workspace/ddev/cmd/ddev/cmd/root.go:143 +0x40 main.main() /Users/rfay/workspace/ddev/cmd/ddev/main.go:20 +0xac ``` ``` ## # Host Database # # localhost is used to configure the loopback interface # when the system is booting. Do not change this entry. ## 127.0.0.1 localhost 255.255.255.255 broadcasthost ::1 localhost ```

kerem commented 2026-03-02 05:08:08 +03:00

Author

Owner

Copy link

@rfay commented on GitHub (Apr 6, 2023):

I'll open a new issue; this happens during add.

<!-- gh-comment-id:1499250869 --> @rfay commented on GitHub (Apr 6, 2023): I'll open a new issue; this happens during add.

kerem commented 2026-03-02 05:08:08 +03:00

Author

Owner

Copy link

@luthermonson commented on GitHub (Apr 6, 2023):

Thanks pls do

<!-- gh-comment-id:1499306191 --> @luthermonson commented on GitHub (Apr 6, 2023): Thanks pls do

kerem commented 2026-03-02 05:08:08 +03:00

Author

Owner

Copy link

@rfay commented on GitHub (Apr 6, 2023):

Opened

• https://github.com/goodhosts/hostsfile/issues/42

<!-- gh-comment-id:1499322286 --> @rfay commented on GitHub (Apr 6, 2023): Opened * https://github.com/goodhosts/hostsfile/issues/42

kerem commented 2026-03-02 05:08:08 +03:00

Author

Owner

Copy link

@luthermonson commented on GitHub (Sep 29, 2023):

@yunginnanet your issue was actually different than the HostsPerLine, it was strictly in the RemoveIP code and is now fixed by all the reindex code I just added

<!-- gh-comment-id:1741588847 --> @luthermonson commented on GitHub (Sep 29, 2023): @yunginnanet your issue was actually different than the HostsPerLine, it was strictly in the RemoveIP code and is now fixed by all the reindex code I just added

kerem referenced this issue 2026-03-02 05:08:13 +03:00

[PR #14] [MERGED] fix panic in combineIp #27

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

v0.1.7

v0.1.6

v0.1.4

v0.1.3

v0.1.2

v0.1.1

v0.1.0

v0.0.10

v0.0.9

v0.0.8

v0.0.7

v0.0.6

v0.0.5

v0.0.4

v0.0.3

v0.0.2

v0.0.1

Labels

Clear labels   

pull-request

Mirrored from GitHub Pull Request

No labels

pull-request

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/hostsfile#13

No description provided.