Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Stackoverflow error when creating a CycloneDX report with a dependency graph #9587

Closed
sschuberth opened this issue Dec 11, 2024 · 3 comments · Fixed by #9591
Closed

Stackoverflow error when creating a CycloneDX report with a dependency graph #9587

sschuberth opened this issue Dec 11, 2024 · 3 comments · Fixed by #9591
Assignees
@sschuberth

Comments

@sschuberth
Copy link
Member

@sschuberth: Thanks for your work.

Unfortunately I get a stackoverflow error with ort v43.0.0 - maybe because of a lot of definition files?

 ______________________________                                                
/        \_______   \__    ___/ The OSS Review Toolkit, version 43.0.0,        
|    |   | |       _/ |    |    built with JDK 21.0.5+11-LTS, running under Jav
|    |   | |    |   \ |    |    Executing 'analyze' as 'ort' on Linux          
\________/ |____|___/ |____|    with 8 CPUs and a maximum of 8192 MiB of memory
...
Found in total 14 definition file(s) from the following 8 package manager(s):
        GoMod, Maven, NPM, NuGet, PIP, PNPM, Poetry, Yarn
...

 ______________________________                                                
/        \_______   \__    ___/ The OSS Review Toolkit, version 43.0.0,        
|    |   | |       _/ |    |    built with JDK 21.0.5+11-LTS, running under Jav
|    |   | |    |   \ |    |    Executing 'report' as 'ort' on Linux           
\________/ |____|___/ |____|    with 8 CPUs and a maximum of 8192 MiB of memory
                                                                               
Environment variables:                                                        
ORT_CONFIG_DIR = /home/ort/.ort/config                                        
ORT_DATA_DIR = /builds/compliance/license-scanning/.ort                
HOME = /home/ort                                                              
JAVA_HOME = /opt/java/openjdk                                                 
ANDROID_HOME = /opt/android-sdk                                               
                                                                              
Looking for ORT configuration in the following file:
        /home/ort/.ort/config/config.yml
Generating the 'WebApp' report in thread 'DefaultDispatcher-worker-1'...
Generating the 'CycloneDX' report in thread 'DefaultDispatcher-worker-3'...
Generating the 'PlainTextTemplate' report in thread 'DefaultDispatcher-worker-4'...
Exception in thread "main" java.lang.StackOverflowError
	at org.ossreviewtoolkit.model.DependencyRefCursor.visitDependencies(DependencyGraphNavigator.kt:165)
	at org.ossreviewtoolkit.model.DependencyGraphNavigator.packageDependencies$traverse(DependencyGraphNavigator.kt:104)
	at org.ossreviewtoolkit.model.DependencyGraphNavigator.packageDependencies$traverse$lambda$8(DependencyGraphNavigator.kt:105)
	at org.ossreviewtoolkit.model.DependencyRefCursor.visitDependencies(DependencyGraphNavigator.kt:165)
...
	at org.ossreviewtoolkit.model.DependencyGraphNavigator.packageDependencies(DependencyGraphNavigator.kt:110)
	at org.ossreviewtoolkit.model.OrtResult.getDependencies(OrtResult.kt:241)
	at org.ossreviewtoolkit.plugins.reporters.cyclonedx.BomExtensionsKt.addDependencies(BomExtensions.kt:66)
...
        at org.ossreviewtoolkit.plugins.reporters.cyclonedx.BomExtensionsKt.addDependencies(BomExtensions.kt:67)

Originally posted by @mawl in #3906
@sschuberth sschuberth mentioned this issue Dec 11, 2024
Closed
@sschuberth sschuberth self-assigned this Dec 12, 2024
@mawl
Copy link

mawl commented Dec 12, 2024

After my tests I can say, that the error occurs with NPM package manager during report phase.

If it is possible to share files in a secret way on GitHub, I can provide you the evaluation-result.yml for further testing.

@sschuberth
Copy link
Member Author

I can reproduce the issue now also with a Maven project, although the root cause is a bit more special than for NPM. I'll try to create a band-aid that covers both cases.

sschuberth added a commit that referenced this issue Dec 12, 2024
@sschuberth
fix(cyclonedx): Avoid a StackOverflowError due to dependency cycles
c494785 
Fixes #9587.

Signed-off-by: Sebastian Schuberth <sebastian@doubleopen.org>
@sschuberth sschuberth mentioned this issue Dec 12, 2024
Merged
sschuberth added a commit that referenced this issue Dec 12, 2024
@sschuberth
fix(cyclonedx): Avoid a StackOverflowError due to dependency cycles
cdfd561 
Fixes #9587.

Signed-off-by: Sebastian Schuberth <sebastian@doubleopen.org>
@mawl
Copy link

mawl commented Dec 16, 2024

Thanks a lot. Error is gone now.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sschuberth sschuberth

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix(cyclonedx): Avoid a StackOverflowError due to dependency cycles oss-review-toolkit/ort
2 participants
@sschuberth @mawl