reflect: keep pointer register results alive in callMethod

When callMethod calls the underlying method, after reflectcall
it gets the result registers in "Ints" slots but not in "Ptrs"
slots. If the GC runs at this point, it may lose track of those
pointers and free the memory they point to.

To make sure the GC sees the pointer results, copy "Ints" to
"Ptrs", and keep them alive until we return to the caller.

This fixes test/fixedbugs/issue27695.go with register ABI.

Change-Id: I4092c91bcbd6954683740a12d91d689900446875
Reviewed-on: https://go-review.googlesource.com/c/go/+/309909
Trust: Cherry Zhang <cherryyz@google.com>
Run-TryBot: Cherry Zhang <cherryyz@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Michael Knyszek <mknyszek@google.com>

1 files changed, 8 insertions, 0 deletions

diff --git a/src/reflect/value.go b/src/reflect/value.go
index 7890c125d8..6f1a3c02d6 100644
--- a/src/reflect/value.go
+++ b/src/reflect/value.go
@@ -1023,6 +1023,9 @@ func callMethod(ctxt *methodValue, frame unsafe.Pointer, retValid *bool, regs *a
 	methodFrameSize = align(methodFrameSize, ptrSize)
 	methodFrameSize += methodABI.spill
 
+	// Mark pointers in registers for the return path.
+	methodRegs.ReturnIsPtr = methodABI.outRegPtrs
+
 	// Call.
 	// Call copies the arguments from scratch to the stack, calls fn,
 	// and then copies the results back into scratch.
@@ -1059,6 +1062,11 @@ func callMethod(ctxt *methodValue, frame unsafe.Pointer, retValid *bool, regs *a
 
 	// See the comment in callReflect.
 	runtime.KeepAlive(ctxt)
+
+	// Keep valueRegs alive because it may hold live pointer results.
+	// The caller (methodValueCall) has it as a stack object, which is only
+	// scanned when there is a reference to it.
+	runtime.KeepAlive(valueRegs)
 }
 
 // funcName returns the name of f, for use in error messages.