diff options
author | Dmitriy Vyukov <dvyukov@google.com> | 2014-05-13 09:53:47 +0400 |
---|---|---|
committer | Dmitriy Vyukov <dvyukov@google.com> | 2014-05-13 09:53:47 +0400 |
commit | ffe57a03e48ccefc3fe89d480cd3afc761e72e8f (patch) | |
tree | 5871cf4cea315986a03395d70475bb0b0162f9a0 /src/pkg/reflect | |
parent | 8f34b1a92f27af39aa787e4c05bdcdb0c1beb160 (diff) | |
download | go-ffe57a03e48ccefc3fe89d480cd3afc761e72e8f.tar.gz |
reflect: fix map type generation
If a map variable is created with reflect.New it has incorrect type (map[unsafe.Pointer]unsafe.Pointer).
If GC follows such pointer, it scans Hmap and buckets with incorrect type.
This can lead to overscan of up to 120 bytes for map[int8]struct{}.
Which in turn can lead to crash if the memory after a bucket object is unaddressable
or false retention (buckets are scanned as arrays of unsafe.Pointer).
I don't see how it can lead to heap corruptions, though.
LGTM=khr
R=rsc, khr
CC=golang-codereviews
https://codereview.appspot.com/96270044
Diffstat (limited to 'src/pkg/reflect')
-rw-r--r-- | src/pkg/reflect/type.go | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/pkg/reflect/type.go b/src/pkg/reflect/type.go index 5a4ac8cf7..40d76f99d 100644 --- a/src/pkg/reflect/type.go +++ b/src/pkg/reflect/type.go @@ -1541,6 +1541,13 @@ func MapOf(key, elem Type) Type { mt.uncommonType = nil mt.ptrToThis = nil mt.zero = unsafe.Pointer(&make([]byte, mt.size)[0]) + mt.gc = unsafe.Pointer(&ptrGC{ + width: unsafe.Sizeof(uintptr(0)), + op: _GC_PTR, + off: 0, + elemgc: mt.hmap.gc, + end: _GC_END, + }) // INCORRECT. Uncomment to check that TestMapOfGC and TestMapOfGCValues // fail when mt.gc is wrong. |