fix: deep-copy user mutated attributes #1148
Conversation
![sentry[bot]](https://avatars.githubusercontent.com/u/1396951?s=60&v=4){kind=small}
| if event.User.Data != nil { | ||
| eventToBuffer.User.Data = deepCopyMapStringString(event.User.Data) |
There was a problem hiding this comment.
Bug: Accessing event.User.Data without checking if event.User is nil can cause a nil pointer dereference panic.
Severity: CRITICAL | Confidence: High
🔍 Detailed Analysis
If event.User is nil, accessing event.User.Data on line 780-781 will cause a nil pointer dereference panic. The if event.User.Data != nil check is evaluated after event.User is dereferenced, leading to a crash if event.User is nil. This is a crash bug that will cause the server to panic if an event with a nil User field is processed.
💡 Suggested Fix
Add a nil check for event.User before accessing its Data field. The guard should be if event.User != nil && event.User.Data != nil { ... }.
🤖 Prompt for AI Agent
Review the code at the location below. A potential bug has been identified by an AI
agent.
Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not
valid.
Location: client.go#L780-L781
Potential issue: If `event.User` is `nil`, accessing `event.User.Data` on line 780-781
will cause a nil pointer dereference panic. The `if event.User.Data != nil` check is
evaluated *after* `event.User` is dereferenced, leading to a crash if `event.User` is
`nil`. This is a crash bug that will cause the server to panic if an event with a `nil`
`User` field is processed.
Did we get this right? 👍 / 👎 to inform future reviews.
Reference ID: 4079172
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #1148 +/- ##
==========================================
- Coverage 86.85% 85.83% -1.02%
==========================================
Files 62 63 +1
Lines 6092 6184 +92
==========================================
+ Hits 5291 5308 +17
- Misses 587 656 +69
- Partials 214 220 +6 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
| k := iter.Key() | ||
| val := iter.Value().Interface() | ||
| newVal := deepCopyValue(val) | ||
| newMap.SetMapIndex(k, reflect.ValueOf(newVal)) |
There was a problem hiding this comment.
Bug: Nil values in nested maps/slices cause data loss or panic
When deepCopyValue returns nil for a nil value in a nested structure, reflect.ValueOf(nil) produces an invalid reflect.Value. For maps, calling SetMapIndex with an invalid Value silently deletes the key, causing data loss. For slices and arrays, calling Set with an invalid Value causes a panic. This affects user-provided Extra and Context data containing nested collections with nil values.
Additional Locations (2)
| clone.breadcrumbs = make([]*Breadcrumb, len(scope.breadcrumbs)) | ||
| copy(clone.breadcrumbs, scope.breadcrumbs) | ||
| clone.breadcrumbs = make([]*Breadcrumb, 0, len(scope.breadcrumbs)) | ||
| for _, b := range scope.breadcrumbs { | ||
| clone.breadcrumbs = append(clone.breadcrumbs, deepCopyBreadcrumb(b)) | ||
| } | ||
| clone.attachments = make([]*Attachment, len(scope.attachments)) | ||
| copy(clone.attachments, scope.attachments) | ||
| for key, value := range scope.tags { | ||
| clone.tags[key] = value | ||
| } | ||
| for key, value := range scope.contexts { | ||
| clone.contexts[key] = cloneContext(value) | ||
| } | ||
| for key, value := range scope.extra { | ||
| clone.extra[key] = value |
There was a problem hiding this comment.
Correct me if I'm wrong, but:
this was here already and was not causing problems, and it's a separate code path from the buffer/transport, so I don't think this should be changed at all.
I assume this was deliberately done this way because scope forking happens frequently and so you wouldn't want to do an expensive deep copy.
| // a proper deep copy: if some context values are pointer types (e.g. maps), | ||
| // they won't be properly copied. | ||
| func cloneContext(c Context) Context { | ||
| res := make(Context, len(c)) |
| if event.User.Data != nil { | ||
| eventToBuffer.User.Data = deepCopyMapStringString(event.User.Data) | ||
| } | ||
|
|
There was a problem hiding this comment.
Nested in Event there are other things we might care about, for example a Span can have Data (and apparently tags and extra), same about Log attributes, etc. Do we care about those?
Description
Since the addition of Telemetry Buffers moves the serialization to a background worker, user provided attributes that can be mutated should be deep copied, to avoid panics during serialization.