diff options
| author | Cuong Manh Le <cuong.manhle.vn@gmail.com> | 2023-01-17 01:29:02 +0700 |
|---|---|---|
| committer | Cherry Mui <cherryyz@google.com> | 2023-01-18 18:32:01 +0000 |
| commit | d7c6da8bacf11f845a837a9c93ce43c607dba8a1 (patch) | |
| tree | 6eb41510dcb2c0a7e43f5cd2f63514c1a33fb762 | |
| parent | 9eed826bf92818fd9473460af32af70dc0ec59ed (diff) | |
| download | go-d7c6da8bacf11f845a837a9c93ce43c607dba8a1.tar.gz go-d7c6da8bacf11f845a837a9c93ce43c607dba8a1.zip | |
[release-branch.go1.20] cmd/compile: fix unsafe.{SliceData,StringData} escape analysis memory corruption
Updates #57823
Updates #57854
Change-Id: I54654d3ecb20b75afa9052c5c9db2072a86188d4
Reviewed-on: https://go-review.googlesource.com/c/go/+/461759
Reviewed-by: Cherry Mui <cherryyz@google.com>
Auto-Submit: Cuong Manh Le <cuong.manhle.vn@gmail.com>
Reviewed-by: Keith Randall <khr@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Cuong Manh Le <cuong.manhle.vn@gmail.com>
Reviewed-by: Keith Randall <khr@google.com>
Reviewed-by: Matthew Dempsky <mdempsky@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/461760
| -rw-r--r-- | src/cmd/compile/internal/escape/call.go | 6 | ||||
| -rw-r--r-- | test/fixedbugs/issue57823.go | 76 |
2 files changed, 81 insertions, 1 deletions
diff --git a/src/cmd/compile/internal/escape/call.go b/src/cmd/compile/internal/escape/call.go index 4f602ca15f..e2235520e5 100644 --- a/src/cmd/compile/internal/escape/call.go +++ b/src/cmd/compile/internal/escape/call.go @@ -180,10 +180,14 @@ func (e *escape) callCommon(ks []hole, call ir.Node, init *ir.Nodes, wrapper *ir argument(e.discardHole(), &call.Args[i]) } - case ir.OLEN, ir.OCAP, ir.OREAL, ir.OIMAG, ir.OCLOSE, ir.OUNSAFESTRINGDATA, ir.OUNSAFESLICEDATA: + case ir.OLEN, ir.OCAP, ir.OREAL, ir.OIMAG, ir.OCLOSE: call := call.(*ir.UnaryExpr) argument(e.discardHole(), &call.X) + case ir.OUNSAFESTRINGDATA, ir.OUNSAFESLICEDATA: + call := call.(*ir.UnaryExpr) + argument(ks[0], &call.X) + case ir.OUNSAFEADD, ir.OUNSAFESLICE, ir.OUNSAFESTRING: call := call.(*ir.BinaryExpr) argument(ks[0], &call.X) diff --git a/test/fixedbugs/issue57823.go b/test/fixedbugs/issue57823.go new file mode 100644 index 0000000000..d6708f6de8 --- /dev/null +++ b/test/fixedbugs/issue57823.go @@ -0,0 +1,76 @@ +// run + +// Copyright 2023 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package main + +import ( + "runtime" + "unsafe" +) + +//go:noinline +func g(x *byte) *byte { return x } + +func main() { + slice() + str("AAAAAAAA", "BBBBBBBBB") +} + +func wait(done <-chan struct{}) bool { + for i := 0; i < 10; i++ { + runtime.GC() + select { + case <-done: + return true + default: + } + } + return false +} + +func slice() { + s := make([]byte, 100) + s[0] = 1 + one := unsafe.SliceData(s) + + done := make(chan struct{}) + runtime.SetFinalizer(one, func(*byte) { close(done) }) + + h := g(one) + + if wait(done) { + panic("GC'd early") + } + + if *h != 1 { + panic("lost one") + } + + if !wait(done) { + panic("never GC'd") + } +} + +var strDone = make(chan struct{}) + +//go:noinline +func str(x, y string) { + s := x + y // put in temporary on stack + p := unsafe.StringData(s) + runtime.SetFinalizer(p, func(*byte) { close(strDone) }) + + if wait(strDone) { + panic("GC'd early") + } + + if *p != 'A' { + panic("lost p") + } + + if !wait(strDone) { + panic("never GC'd") + } +} |