reflect: fix map type generation

If a map variable is created with reflect.New it has incorrect type (map[unsafe.Pointer]unsafe.Pointer). If GC follows such pointer, it scans Hmap and buckets with incorrect type. This can lead to overscan of up to 120 bytes for map[int8]struct{}. Which in turn can lead to crash if the memory after a bucket object is unaddressable or false retention (buckets are scanned as arrays of unsafe.Pointer). I don't see how it can lead to heap corruptions, though. LGTM=khr R=rsc, khr CC=golang-codereviews https://codereview.appspot.com/96270044
author: Dmitriy Vyukov <dvyukov@google.com> 2014-05-13 09:53:47 +0400
committer: Dmitriy Vyukov <dvyukov@google.com> 2014-05-13 09:53:47 +0400
commit: ffe57a03e48ccefc3fe89d480cd3afc761e72e8f (patch)
tree: 5871cf4cea315986a03395d70475bb0b0162f9a0 /src/pkg/reflect
parent: 8f34b1a92f27af39aa787e4c05bdcdb0c1beb160 (diff)
download: go-ffe57a03e48ccefc3fe89d480cd3afc761e72e8f.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/src/pkg/reflect/type.go b/src/pkg/reflect/type.go
index 5a4ac8cf7..40d76f99d 100644
--- a/src/pkg/reflect/type.go
+++ b/src/pkg/reflect/type.go
@@ -1541,6 +1541,13 @@ func MapOf(key, elem Type) Type {
 	mt.uncommonType = nil
 	mt.ptrToThis = nil
 	mt.zero = unsafe.Pointer(&make([]byte, mt.size)[0])
+	mt.gc = unsafe.Pointer(&ptrGC{
+		width:  unsafe.Sizeof(uintptr(0)),
+		op:     _GC_PTR,
+		off:    0,
+		elemgc: mt.hmap.gc,
+		end:    _GC_END,
+	})
 
 	// INCORRECT. Uncomment to check that TestMapOfGC and TestMapOfGCValues
 	// fail when mt.gc is wrong.
author	Dmitriy Vyukov <dvyukov@google.com>	2014-05-13 09:53:47 +0400
committer	Dmitriy Vyukov <dvyukov@google.com>	2014-05-13 09:53:47 +0400
commit	ffe57a03e48ccefc3fe89d480cd3afc761e72e8f (patch)
tree	5871cf4cea315986a03395d70475bb0b0162f9a0 /src/pkg/reflect
parent	8f34b1a92f27af39aa787e4c05bdcdb0c1beb160 (diff)
download	go-ffe57a03e48ccefc3fe89d480cd3afc761e72e8f.tar.gz