Panic when using unhashable types (e.g., []byte) as map keys in mapAnyAny.Unmarshal with FuzzTest #369
Description
The Unmarshal method in mapAnyAny does not properly validate keys to ensure they are hashable types. When a key of type []byte (or a pointer to it) is passed, it results in a runtime panic:
panic: runtime error: hash of unhashable type []uint8
This occurs during fuzz testing (TestFuzzConnCrashers) when invalid AMQP frames are processed.
The issue was discovered during fuzz testing of AMQP frame parsing.
Steps to Reproduce
- Run the test TestFuzzConnCrashers https://github.com/Azure/go-amqp/blob/main/fuzz_test.go#L146 with the following input:
func TestFuzzConnCrashers(t *testing.T) {
tests := []string{
0: "AMQP\x03\x01\x00\x00\x00\x00\x00?\x02\x01\x00\x00\x00S@\xc02\x01\xe0/\x04\xb3\x00\x00\x00\aMSSBCBS\x00\x00\x00\x05PLAIN\x00\x00\x00\tANONYMOUS\x00\x00\x00\bEXTERNAL\x00\x00\x00\x1a\x02\x01\x00\x00\x00SD\xc0\r\x02P\x00\xa0\b@elcome!AMQP\x00\x01\x00\x00\x00\x00\x00G\x02\x00\x00\x00\x00S\x10\xc0:\n\xa1$83a29beddd84468ba2e37f3017eeab1d_G29@p\x00\x00\x02\x00`\x00\x01p\x00\x03\xa9\x80@@@@@\x00\x00\x00\x1f\x02\x00\x00\x00\x00S\x11\xc0\x12\b`\x00\x00R\x01p\x00\x00\x13\x88R\x01R\xff@@@\x00\x00\x01\x00\x02\x00\x00\x00\x00S\x12\xc0W\x0e\xa1(oJnNPGsiuzytMOJPatwtPilfsfykSBGplhxtxVSGCB@P\x01\x00S(\xc0\x12\v\xa1\x05/test@@@@@@@\x00a\x82r\xc1\\\x06\xa3\x13Name\xa1\x82\x82\x82\x80\x82\x82\x00\x00@\x14\xc0\x1d\v@@\x00\x00\x00CC\xa0\x10F>\xc6\\\x06&\x9c\x03\xa8\x8e\xe7\x83\xe3;C@B@@@@A\x00Sp\xc0\n\x05@@pH\x19\b\x00@C\x00Sr\xc1\\\x06\xa3\x13x-opt-enqueued-time\x83\x00\x00\x01[\x9c_)ѣ\x15x-opt-sequence-number\x81\x00\x00\x00\x00\x00\x00\x03x\xa3\x12x-o\xact-locked-until\x83\x00\x00\x01[\x9c_\x9f\x11\x00Ss\xc0H\r\xa1$5e84053f-81@\xd8\xd4 \x13{{c9-49fc-ae42-ff0ab353d998@@\xa1\x14Service Bus Explorer@@@@@@@@@\x00S",
}
for i, tt := range tests {
t.Run(strconv.Itoa(i), func(t *testing.T) {
end := leaktest.Check(t)
require.Zero(t, fuzzConn([]byte(tt)))
end()
})
}
}
panic: runtime error: hash of unhashable type []uint8
goroutine 34 [running]:
github.com/Azure/go-amqp/internal/encoding.(*mapAnyAny).Unmarshal(0xc0001193e0, 0xc000100040)
/Users/semin.m.v/GitHubProject/go-amqp/internal/encoding/types.go:291 +0x15c
github.com/Azure/go-amqp/internal/encoding.readAnyMap(0xc000108272?)
/Users/semin.m.v/GitHubProject/go-amqp/internal/encoding/decode.go:585 +0x30
github.com/Azure/go-amqp/internal/encoding.ReadAny(0x0?)
/Users/semin.m.v/GitHubProject/go-amqp/internal/encoding/decode.go:565 +0x727
github.com/Azure/go-amqp/internal/encoding.Unmarshal(0xc000100040, {0x7fbec00, 0xc000100070})
/Users/semin.m.v/GitHubProject/go-amqp/internal/encoding/decode.go:205 +0x9
- Observe the panic in the mapAnyAny.Unmarshal function.
Please apply the proposed fix to ensure all key types (including pointers to invalid types) are validated before being used in maps. This will prevent runtime panics and improve the library's robustness.