PLSysSec / cargo-scan

A tool for auditing Rust crates
MIT License

Tracking issue: crashes in `chain` binary #38

Open cdstanford opened 1 year ago

cdstanford commented 1 year ago

Binary chain crashes with stack overflow on tokio:

caleb@caleb-mac cargo-scan % cargo run --bin chain -- create data/packages/tokio policy.manifest
    Finished dev [unoptimized + debuginfo] target(s) in 0.38s
     Running `target/debug/chain create data/packages/tokio policy.manifest`
Creating audit chain
Loading audit package lockfile
Creating dependency graph
Making default policy for unicode-ident v1.0.4
Making default policy for proc-macro2 v1.0.46
Making default policy for quote v1.0.21
Making default policy for syn v1.0.102

thread 'main' has overflowed its stack
fatal runtime error: stack overflow
zsh: abort      cargo run --bin chain -- create data/packages/tokio policy.manifest

cdstanford commented 1 year ago

There are also performance issues we should investigate later, as each line takes several seconds to run. Probably best to create a separate issue once this one resolves.

cdstanford commented 1 year ago

Generally deprecating the chain binary at the moment, so marking roadmap-unplanned.

cdstanford commented 1 year ago

Cargo chain crash on serde-hex:

$ chain create serde-hex-0.1.0 okay
Creating audit chain
Loading audit package lockfile
Creating dependency graph
Making default policy for nodrop v0.1.14
Making default policy for array-init v0.0.4
Making default policy for unicode-ident v1.0.11
Making default policy for proc-macro2 v1.0.66
Making default policy for quote v1.0.33
Making default policy for syn v2.0.29
Error running command: Audit chain creation failed: Failed to read Cargo metadata from Cargo.toml file /home/d/hack/cargo-scan/.audit_crates/syn-2.0.29/Cargo.toml, Some(Version { major: 1, minor: 72, patch: 0 })

cdstanford commented 1 month ago

We're seeing a similar crash on serde-derive.