Sibling-hunt finding from PR #648 review.
PR #648 added nil-guards to convertFromSwarmService, convertTaskTemplateFromSwarm,
convertFromSwarmTask, convertFromSDKEvent, and Container.Create.
4 more helpers in core/adapters/docker/ retain unguarded pointer
derefs:
| File:Line |
Helper |
Risk |
convert.go:127 |
convertFromAPIContainer(c *containertypes.Summary) |
derefs c.Names, c.ID, c.Image |
convert.go:148 |
convertFromNetworkResource(n *networktypes.Summary) |
derefs n.Name, n.IPAM.Driver, n.Containers |
convert.go:197 |
convertFromNetworkInspect(n *networktypes.Inspect) |
derefs n.Name, n.IPAM, n.Containers |
container.go:453 |
convertToMount(m *domain.Mount) mount.Mount |
derefs m.Type |
All four are reached via &loopVar from a range over a slice, so
no live panic exists today. The signature contract is unsafe,
though — same defense-in-depth concern PR #648 addressed for the
swarm/event family.
convertToMount is especially asymmetric: every other convertTo*
helper in container.go (convertToHostConfig, convertToNetworkingConfig,
convertToEndpointSettings, convertToContainerConfig) DOES guard
nil. Only convertToMount does not.
Suggested fix
Mirror PR #648's pattern: if x == nil { return zeroValue }
early-return + godoc + nil-input regression test using failOnPanic.
Severity
Low — defense-in-depth. Same bug class as #619 / #626 / #632.
Related
- #622 — original
audit
- #626: convertTo*
swarm/mount halves
- #632: convertFrom*
swarm/event halves
- PR #648: fixed
the symmetric From* + Container.Create half
Sibling-hunt finding from PR #648 review.
PR #648 added nil-guards to
convertFromSwarmService,convertTaskTemplateFromSwarm,convertFromSwarmTask,convertFromSDKEvent, andContainer.Create.4 more helpers in
core/adapters/docker/retain unguarded pointerderefs:
convert.go:127convertFromAPIContainer(c *containertypes.Summary)c.Names,c.ID,c.Imageconvert.go:148convertFromNetworkResource(n *networktypes.Summary)n.Name,n.IPAM.Driver,n.Containersconvert.go:197convertFromNetworkInspect(n *networktypes.Inspect)n.Name,n.IPAM,n.Containerscontainer.go:453convertToMount(m *domain.Mount) mount.Mountm.TypeAll four are reached via
&loopVarfrom arangeover a slice, sono live panic exists today. The signature contract is unsafe,
though — same defense-in-depth concern PR #648 addressed for the
swarm/event family.
convertToMountis especially asymmetric: every otherconvertTo*helper in container.go (
convertToHostConfig,convertToNetworkingConfig,convertToEndpointSettings,convertToContainerConfig) DOES guardnil. Only
convertToMountdoes not.Suggested fix
Mirror PR #648's pattern:
if x == nil { return zeroValue }early-return + godoc + nil-input regression test using
failOnPanic.Severity
Low — defense-in-depth. Same bug class as #619 / #626 / #632.
Related
audit
swarm/mount halves
swarm/event halves
the symmetric From* + Container.Create half