3a275aa [release-branch.go1.13] runtime: fix rounding in materializeGCProg

2 files changed. Authored by Austin Clements 4 years ago, committed by Andrew Bonventre 4 years ago.
    [release-branch.go1.13] runtime: fix rounding in materializeGCProg
    
    materializeGCProg allocates a temporary buffer for unrolling a GC
    program. Unfortunately, when computing the size of the buffer, it
    rounds *down* the number of bytes needed to store the bitmap before
    rounding up the number of pages needed to store those bytes. The fact
    that it rounds up to pages usually mitigates the rounding down, but
    the type from #37470 exists right on the boundary where this doesn't
    work:
    
    type Sequencer struct {
    	htable [1 << 17]uint32
    	buf    []byte
    }
    
    On 64-bit, this GC bitmap is exactly 8 KiB of zeros, followed by three
    one bits. Hence, this needs 8193 bytes of storage, but the current
    math in materializeGCProg rounds *down* the three one bits to 8192
    bytes. Since this is exactly pageSize, the next step of rounding up to
    the page size doesn't mitigate this error, and materializeGCProg
    allocates a buffer that is one byte too small. runGCProg then writes
    one byte past the end of this buffer, causing either a segfault (if
    you're lucky!) or memory corruption.
    
    Updates #37470.
    Fixes #37483.
    
    Change-Id: Iad24c463c501cd9b1dc1924bc2ad007991a094a0
    Reviewed-on: https://go-review.googlesource.com/c/go/+/224418
    Run-TryBot: Austin Clements <austin@google.com>
    Reviewed-by: Cherry Zhang <cherryyz@google.com>
    TryBot-Result: Gobot Gobot <gobot@golang.org>
    
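A model of the rounding described in the commit message, added here as an example and not the runtime's own code: the constants, helper names and the buggy/fixed pair are assumptions that mirror the described computation, and the word count follows the commit's description of the bitmap (65536 zero bits followed by three one bits).

```go
package main

import "fmt"

// Constants modelled on a 64-bit Go runtime (assumed values for this example).
const (
	ptrSize  = 8    // bytes per pointer-sized word
	pageSize = 8192 // runtime page size in bytes
)

// sequencerPtrdata models the Sequencer type from the commit message: the
// 1<<17 uint32 array is 65536 words, followed by the three one bits the
// commit describes, so the bitmap covers 65539 words (65539 bits).
const sequencerPtrdata uintptr = ((1<<17)*4/ptrSize + 3) * ptrSize

// divRoundUp returns ceil(n / a) for a > 0.
func divRoundUp(n, a uintptr) uintptr { return (n + a - 1) / a }

// bytesNeeded is the exact storage the unrolled bitmap occupies:
// one bit per pointer-sized word of ptrdata, rounded up to whole bytes.
func bytesNeeded(ptrdata uintptr) uintptr {
	return divRoundUp(ptrdata/ptrSize, 8)
}

// bufSizeBuggy models the pre-fix sizing: the bitmap byte count is computed
// with truncating division (rounding *down*) and only then rounded up to pages.
func bufSizeBuggy(ptrdata uintptr) uintptr {
	bitmapBytes := ptrdata / (8 * ptrSize) // drops a partial final byte
	return divRoundUp(bitmapBytes, pageSize) * pageSize
}

// bufSizeFixed rounds the byte count up first, so a partial final byte
// always receives storage before the page rounding.
func bufSizeFixed(ptrdata uintptr) uintptr {
	bitmapBytes := divRoundUp(ptrdata, 8*ptrSize)
	return divRoundUp(bitmapBytes, pageSize) * pageSize
}

func main() {
	// The boundary case from the commit, then the array alone (65536 words),
	// where the page rounding happens to mask the truncation.
	for _, pd := range []uintptr{sequencerPtrdata, sequencerPtrdata - 3*ptrSize} {
		fmt.Printf("words=%d need=%d buggy=%d fixed=%d\n",
			pd/ptrSize, bytesNeeded(pd), bufSizeBuggy(pd), bufSizeFixed(pd))
	}
}
```

For the Sequencer case the buggy sizing yields an 8192-byte buffer for 8193 bytes of bitmap, the one-byte overrun the commit describes; the fixed sizing yields 16384.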
        
file modified: +5 -1
file modified: +7 -0