x/vuln: panic: in main.fn: cannot convert *t0 (any) to I

[krhubert]

What version of Go are you using (go version)?

$ go version
go version go1.21.0 linux/amd64

Does this issue reproduce at the latest version of golang.org/x/vuln?

Yes

What operating system and processor architecture are you using (go env)?

go env Output

$ go env
GO111MODULE='auto'
GOARCH='amd64'
GOBIN=''
GOCACHE='/home/user/.cache/go-build'
GOENV='/home/user/.config/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFLAGS=''
GOHOSTARCH='amd64'
GOHOSTOS='linux'
GOINSECURE=''
GOMODCACHE='/home/user/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='linux'
GOPATH='/home/user'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/home/user/go'
GOSUMDB='sum.golang.org'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/home/user/go/pkg/tool/linux_amd64'
GOVCS=''
GOVERSION='go1.21.0'
GCCGO='gccgo'
GOAMD64='v1'
AR='ar'
CC='gcc'
CXX='g++'
CGO_ENABLED='1'
GOMOD='/home/user/src/krhubert/govulncheck-issue/go.mod'
GOWORK=''
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
PKG_CONFIG='pkg-config'
GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build156863727=/tmp/go-build -gno-record-gcc-switches'

What did you do?

package main

func fn[I interface{ *any }](i I) {
  // panic: in main.fn: cannot convert *t0 (any) to I
  *i = *any(i).(I)
}

run:

govulncheck ./...

What did you expect to see?

No vulnerabilities found.

What did you see instead?

Scanning your code and 0 packages across 0 dependent modules for known vulnerabilities...

panic: in main.fn: cannot convert *t0 (any) to I

goroutine 72 [running]:
golang.org/x/tools/go/ssa.emitConv(0xc000387e00, {0x973c50, 0xc0001f4d80}, {0x970260?, 0xc0003c0030})
        /home/user/pkg/mod/golang.org/x/[email protected]/go/ssa/emit.go:286 +0xd79
golang.org/x/tools/go/ssa.emitStore(0xc000387e00, {0x973c50, 0xc0001f4cc0}, {0x973c50, 0xc0001f4d80}, 0x69)
        /home/user/pkg/mod/golang.org/x/[email protected]/go/ssa/emit.go:377 +0x58
golang.org/x/tools/go/ssa.(*address).store(0xc0003c0630, 0xc000387e00?, {0x973c50?, 0xc0001f4d80?})
        /home/user/pkg/mod/golang.org/x/[email protected]/go/ssa/lvalue.go:40 +0x45
golang.org/x/tools/go/ssa.(*storebuf).emit(...)
        /home/user/pkg/mod/golang.org/x/[email protected]/go/ssa/builder.go:533
golang.org/x/tools/go/ssa.(*builder).assignStmt(0x7aa1b6?, 0xc000387e00, {0xc000504ca0, 0x1, 0x8b74cb?}, {0xc000504cc0, 0x1, 0x416568?}, 0x0)
        /home/user/pkg/mod/golang.org/x/[email protected]/go/ssa/builder.go:1207 +0x422
golang.org/x/tools/go/ssa.(*builder).stmt(0x1?, 0xc000387e00, {0x971c08?, 0xc0004dd840?})
        /home/user/pkg/mod/golang.org/x/[email protected]/go/ssa/builder.go:2181 +0x42d
golang.org/x/tools/go/ssa.(*builder).stmtList(...)
        /home/user/pkg/mod/golang.org/x/[email protected]/go/ssa/builder.go:946
golang.org/x/tools/go/ssa.(*builder).stmt(0xc000387e00?, 0xc000387e00, {0x971ab8?, 0xc0001f7d10?})
        /home/user/pkg/mod/golang.org/x/[email protected]/go/ssa/builder.go:2277 +0xe30
golang.org/x/tools/go/ssa.(*builder).buildFunctionBody(0x7a4eae?, 0xc000387e00)
        /home/user/pkg/mod/golang.org/x/[email protected]/go/ssa/builder.go:2391 +0x410
golang.org/x/tools/go/ssa.(*builder).buildFunction(0x7a4f00?, 0xc000387e00)
        /home/user/pkg/mod/golang.org/x/[email protected]/go/ssa/builder.go:2326 +0x28
golang.org/x/tools/go/ssa.(*builder).buildCreated(0xc00014de18)
        /home/user/pkg/mod/golang.org/x/[email protected]/go/ssa/builder.go:2413 +0x25
golang.org/x/tools/go/ssa.(*Package).build(0xc0000c1c80)
        /home/user/pkg/mod/golang.org/x/[email protected]/go/ssa/builder.go:2606 +0xc58
sync.(*Once).doSlow(0x0?, 0xc0002a0fd0?)
        /home/user/go/src/sync/once.go:74 +0xbf
sync.(*Once).Do(...)
        /home/user/go/src/sync/once.go:65
golang.org/x/tools/go/ssa.(*Package).Build(...)
        /home/user/pkg/mod/golang.org/x/[email protected]/go/ssa/builder.go:2477
golang.org/x/tools/go/ssa.(*Program).Build.func1(0x8f21e0?)
        /home/user/pkg/mod/golang.org/x/[email protected]/go/ssa/builder.go:2462 +0x46
created by golang.org/x/tools/go/ssa.(*Program).Build in goroutine 70
        /home/user/pkg/mod/golang.org/x/[email protected]/go/ssa/builder.go:2461 +0x187

Solution

Update golang.org/x/tools to the latest version

git clone https://github.com/golang/vuln
go get -u golang.org/x/[email protected]
go mod tidy
go install ./cmd/govulncheck/

then run:

govulncheck ./...

No vulnerabilities found.

Share feedback at https://go.dev/s/govulncheck-feedback.

[seankhliao]

cc @golang/vulndb

[zpavlinovic]

@timothy-king

[timothy-king]

This was fixed by go.dev/cl/520555.