Skip to content

[Bug] Resolve invalid memory address or nil pointer dereference when building clients#49

Merged
austin-denoble merged 2 commits intomainfrom
adenoble/resolve-nil-reference-token
Oct 21, 2025
Merged

[Bug] Resolve invalid memory address or nil pointer dereference when building clients#49
austin-denoble merged 2 commits intomainfrom
adenoble/resolve-nil-reference-token

Conversation

@austin-denoble
Copy link
Collaborator

@austin-denoble austin-denoble commented Oct 20, 2025

Problem

This is a bug that Edo and Jesse have run into. There are certain instances where we're trying to access the values on a zero-value *oauth.Token pointer without checking it for nil. This was a miss on my part after implementing the TokenManager stuff.

Solution

Make sure to also nil-check the *oauth.Token response where it's being used.

I have not been able to reproduce the specific scenario where this happens myself, if I clear local state entirely and try and run $ pc index list without logging in, I'm shown a proper error message:

./dist/pc_darwin_arm64/pc index list
[ERROR] Please configure user credentials before attempting this operation. Log in with pc login, configure a service account with pc auth configure --client-id --client-secret, or set an explicit API key with pc config set-api-key.

However, we should be nil-checking the token itself before trying to access things anyways, so this fix should go in regardless. I was able to debug given the stack traces from both Edo and Jesse:

$ export PINECONE_API_KEY="xxx" && pc index create -n agentic-quickstart-test -m cosine -c aws -r us-east-1 --model llama-text-embed-v2 --field_map text=content
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x2 addr=0x8 pc=0x104fe8be0]

goroutine 1 [running]:
github.com/pinecone-io/cli/internal/pkg/utils/sdk.NewPineconeClient()
        /home/runner/work/cli/cli/internal/pkg/utils/sdk/client.go:46 +0x250
github.com/pinecone-io/cli/internal/pkg/cli/command/index.runCreateIndexCmd({{0x16b3fb2cb, 0x17}, {0x0, 0x0}, {0x16b3fb2f0, 0x3}, {0x16b3fb2f7, 0x9}, {0x0, 0x0}, ...})
        /home/runner/work/cli/cli/internal/pkg/cli/command/index/create.go:139 +0x74
github.com/pinecone-io/cli/internal/pkg/cli/command/index.NewCreateIndexCmd.func1(0x14000303800?, {0x1050b2d73?, 0x4?, 0x1050b2d3b?})
        /home/runner/work/cli/cli/internal/pkg/cli/command/index/create.go:95 +0x40
github.com/spf13/cobra.(*Command).execute(0x1400035d808, {0x14000202480, 0xc, 0xc})
        /home/runner/go/pkg/mod/github.com/spf13/cobra@v1.8.0/command.go:987 +0x83c
github.com/spf13/cobra.(*Command).ExecuteC(0x140000f2908)
        /home/runner/go/pkg/mod/github.com/spf13/cobra@v1.8.0/command.go:1115 +0x378
github.com/spf13/cobra.(*Command).Execute(...)
        /home/runner/go/pkg/mod/github.com/spf13/cobra@v1.8.0/command.go:1039
github.com/pinecone-io/cli/internal/pkg/cli/command/root.Execute()
        /home/runner/work/cli/cli/internal/pkg/cli/command/root/root.go:30 +0x24
main.main()
        /home/runner/work/cli/cli/cmd/pc/main.go:11 +0x1c

$ pc index list
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x2 addr=0x8 pc=0x102610c9c]
goroutine 1 [running]:
[github.com/pinecone-io/cli/internal/pkg/utils/sdk.NewPineconeClient()](http://github.com/pinecone-io/cli/internal/pkg/utils/sdk.NewPineconeClient())
	/home/runner/work/cli/cli/internal/pkg/utils/sdk/client.go:56 +0x30c
[github.com/pinecone-io/cli/internal/pkg/cli/command/index.NewListCmd.func1(0x140000e7900](http://github.com/pinecone-io/cli/internal/pkg/cli/command/index.NewListCmd.func1(0x140000e7900)?, {0x1026dad73?, 0x4?, 0x1026dad3b?})
	/home/runner/work/cli/cli/internal/pkg/cli/command/index/list.go:35 +0x28
[github.com/spf13/cobra.(*Command).execute(0x1400025d508](http://github.com/spf13/cobra.(*Command).execute(0x1400025d508), {0x102fd06c0, 0x0, 0x0})
	/home/runner/go/pkg/mod/github.com/spf13/cobra@v1.8.0/command.go:987 +0x83c
[github.com/spf13/cobra.(*Command).ExecuteC(0x1400019c908)](http://github.com/spf13/cobra.(*Command).ExecuteC(0x1400019c908))
	/home/runner/go/pkg/mod/github.com/spf13/cobra@v1.8.0/command.go:1115 +0x378
[github.com/spf13/cobra.(*Command).Execute(...)](http://github.com/spf13/cobra.(*Command).Execute(...))
	/home/runner/go/pkg/mod/github.com/spf13/cobra@v1.8.0/command.go:1039
[github.com/pinecone-io/cli/internal/pkg/cli/command/root.Execute()](http://github.com/pinecone-io/cli/internal/pkg/cli/command/root.Execute())
	/home/runner/work/cli/cli/internal/pkg/cli/command/root/root.go:30 +0x24
main.main()
	/home/runner/work/cli/cli/cmd/pc/main.go:11 +0x1c

Type of Change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • This change requires a documentation update
  • Infrastructure change (CI configs, etc)
  • Non-code change (docs, etc)
  • None of the above: (explain here)

Test Plan

@claude
Copy link

claude bot commented Oct 20, 2025
edited
Loading

Claude finished @austin-denoble's task —— View job

Code Review Analysis

I've reviewed the PR changes for nil pointer dereference fixes. Here's my comprehensive feedback:

Todo List:

  • Read and analyze all 6 modified files
  • Review nil check implementations
  • Check error handling patterns
  • Assess security implications
  • Look for test coverage gaps
  • Provide comprehensive feedback

Summary

Overall Assessment: This is a solid bug fix that addresses legitimate nil pointer dereference issues. The changes are minimal, focused, and follow good Go practices.

Code Quality & Best Practices

✅ Strengths:

  • Consistent pattern: All changes follow the same token == nil || token.AccessToken == "" pattern
  • Minimal scope: Changes are surgical and only address the specific nil check issue
  • Proper error handling: Existing error handling patterns are preserved
  • Clear intent: The changes directly address the stack traces mentioned in the PR description

🔍 Observations:

  • Changes are in 6 files with a consistent nil-check pattern
  • All modifications are single-line changes adding token == nil || before existing checks
  • The pattern matches Go best practices for nil pointer safety

Potential Issues

✅ No significant issues found, but some observations:

  1. Logic correctness in target.go:132: The condition logic is inverted compared to others:

    // This checks if token is NOT nil AND access token is empty
if accessToken != nil && accessToken.AccessToken == "" && clientId == "" && clientSecret == "" {

    This appears intentional - it's checking for a specific case where we have a token object but it's invalid.

  2. Error message consistency in client.go:56: Fixed error message from "pc login" to "pc auth login" for consistency.

Security Considerations

✅ Security impact is positive:

  • Prevents crashes that could be exploited for denial of service
  • No introduction of new security vulnerabilities
  • Maintains existing authentication flow security

Performance Considerations

✅ No performance concerns:

  • Nil checks are O(1) operations
  • Changes don't add significant overhead
  • No new allocations or expensive operations

Test Coverage

⚠️ Potential gap identified:

  • The PR mentions the author couldn't reproduce the issue locally
  • This suggests edge cases in oauth token lifecycle that might not be well-tested
  • Recommendation: Consider adding unit tests that explicitly test oauth.Token() returning nil in various scenarios

Specific Code Review

client.go:46 - ✅ Correct nil check before accessing AccessToken
client.go:56 - ✅ Good fix, also corrected error message consistency
client.go:134 - ✅ Proper nil check addition
auth/whoami.go:31 - ✅ Standard nil check pattern
whoami/whoami.go:31 - ✅ Identical fix, good consistency
config/set_environment.go:59 - ✅ Proper nil check for token operations
target/target.go:132 - ✅ Inverted logic is correct for this use case
oauth/logging.go:50 - ✅ Essential nil check for token parsing

Recommendations

  1. ✅ Approve and merge - This is a straightforward bug fix that should be deployed
  2. 📝 Testing enhancement: Consider adding unit tests for nil token scenarios: 
    func TestNewPineconeClient_NilToken(t *testing.T) {
    // Mock oauth.Token to return nil
    // Verify proper error handling without panic
}
  3. 🔍 Future consideration: Review oauth token lifecycle to understand when/why tokens become nil

Final Assessment

This PR successfully addresses the nil pointer dereference bug with minimal, focused changes. The implementation follows Go best practices and maintains code consistency. The fix should prevent the panics described in the stack traces while preserving all existing functionality.

Verdict: ✅ Recommended for approval

@claude
Copy link

claude bot commented Oct 21, 2025
edited
Loading

Claude finished @austin-denoble's task —— View job

Code Review Analysis

I've reviewed the PR changes for nil pointer dereference fixes. Here's my comprehensive feedback:

Todo List:

  • Read and analyze all modified files
  • Review nil check implementations
  • Check error handling patterns
  • Assess security implications
  • Look for performance considerations
  • Check for test coverage gaps
  • Provide comprehensive feedback

Summary

Overall Assessment: This is a solid bug fix that addresses legitimate nil pointer dereference issues. The changes are minimal, focused, and follow good Go practices.

Code Quality & Best Practices

✅ Strengths:

  • Consistent pattern: All changes follow the same token == nil || token.AccessToken == "" pattern
  • Minimal scope: Changes are surgical and only address the specific nil check issue
  • Proper error handling: Existing error handling patterns are preserved
  • Clear intent: The changes directly address the stack traces mentioned in the PR description

🔍 Observations:

  • Changes are in 7 files with a consistent nil-check pattern
  • All modifications are single-line changes adding token == nil || before existing checks
  • The pattern matches Go best practices for nil pointer safety

Specific Code Review

client.go:46 - ✅ Correct nil check before accessing AccessToken

if oauth2Token != nil && oauth2Token.AccessToken != ""

client.go:56 - ✅ Good fix, also corrected error message consistency

if oauth2Token == nil || oauth2Token.AccessToken == "" && (clientId == "" && clientSecret == "") && defaultAPIKey == ""

client.go:134 - ✅ Proper nil check addition

if oauth2Token == nil || oauth2Token.AccessToken == "" && (clientId == "" || clientSecret == "")

auth/whoami.go:31 - ✅ Standard nil check pattern

if token == nil || token.AccessToken == ""

whoami/whoami.go:31 - ✅ Identical fix, good consistency

if token == nil || token.AccessToken == ""

config/set_environment.go:59 - ✅ Proper nil check for token operations

if token != nil && (token.AccessToken != "" || token.RefreshToken != "")

target/target.go:132 - ✅ Inverted logic is correct for this use case

if token != nil && token.AccessToken == "" && clientId == "" && clientSecret == ""

This checks for a specific case where we have a token object but it's invalid.

oauth/logging.go:50 - ✅ Essential nil check for token parsing

if token == nil || token.AccessToken == ""

Potential Issues

✅ No significant issues found, but some observations:

  1. Logic correctness in target.go:132: The condition logic is inverted compared to others:

    // This checks if token is NOT nil AND access token is empty
if token != nil && token.AccessToken == "" && clientId == "" && clientSecret == ""

    This appears intentional - it's checking for a specific case where we have a token object but it's invalid.

  2. Error message consistency in client.go:56: Fixed error message from "pc login" to "pc auth login" for consistency.

Security Considerations

✅ Security impact is positive:

  • Prevents crashes that could be exploited for denial of service
  • No introduction of new security vulnerabilities
  • Maintains existing authentication flow security

Performance Considerations

✅ No performance concerns:

  • Nil checks are O(1) operations
  • Changes don't add significant overhead
  • No new allocations or expensive operations

Test Coverage

⚠️ Potential gap identified:

  • The PR mentions the author couldn't reproduce the issue locally
  • This suggests edge cases in oauth token lifecycle that might not be well-tested
  • Recommendation: Consider adding unit tests that explicitly test oauth.Token() returning nil in various scenarios

Recommendations

  1. ✅ Approve and merge - This is a straightforward bug fix that should be deployed
  2. 📝 Testing enhancement: Consider adding unit tests for nil token scenarios: 
    func TestNewPineconeClient_NilToken(t *testing.T) {
    // Mock oauth.Token to return nil
    // Verify proper error handling without panic
}
  3. 🔍 Future consideration: Review oauth token lifecycle to understand when/why tokens become nil

Final Assessment

This PR successfully addresses the nil pointer dereference bug with minimal, focused changes. The implementation follows Go best practices and maintains code consistency. The fix should prevent the panics described in the stack traces while preserving all existing functionality.

Verdict: ✅ Recommended for approval

@austin-denoble austin-denoble merged commit 44c51c0 into main Oct 21, 2025
5 checks passed
@austin-denoble austin-denoble deleted the adenoble/resolve-nil-reference-token branch October 21, 2025 03:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jhamon jhamon Awaiting requested review from jhamon

@jseldess jseldess Awaiting requested review from jseldess

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@austin-denoble