go, branch go1.16.10

[release-branch.go1.16] go1.16.10

2021-11-04T13:55:28Z

Change-Id: I872971806a723e6add42bb78f91a8ef8586f3d58 Reviewed-on: https://go-review.googlesource.com/c/go/+/361199 Trust: Than McIntosh Run-TryBot: Than McIntosh TryBot-Result: Go Bot Reviewed-by: Dmitri Shuralyov

[release-branch.go1.16] archive/zip: don't panic on (*Reader).Open

2021-11-03T16:57:50Z

Previously, opening a zip with (*Reader).Open could result in a panic if the zip contained a file whose name was exclusively made up of slash characters or ".." path elements. Open could also panic if passed the empty string directly as an argument. Now, any files in the zip whose name could not be made valid for fs.FS.Open will be skipped, and no longer added to the fs.FS file list, although they are still accessible through (*Reader).File. Note that it was already the case that a file could be accessible from (*Reader).Open with a name different from the one in (*Reader).File, as the former is the cleaned name, while the latter is the original one. Finally, made the actual panic site robust as a defense-in-depth measure. Fixes CVE-2021-41772 Fixes #48251 Updates #48085 Co-authored-by: Filippo Valsorda Change-Id: I6271a3f2892e7746f52e213b8eba9a1bba974678 Reviewed-on: https://go-review.googlesource.com/c/go/+/349770 Run-TryBot: Filippo Valsorda Reviewed-by: Katie Hockman Reviewed-by: Filippo Valsorda Trust: Katie Hockman Trust: Julie Qiu (cherry picked from commit b24687394b55a93449e2be4e6892ead58ea9a10f) Reviewed-on: https://go-review.googlesource.com/c/go/+/360858 Trust: Dmitri Shuralyov Run-TryBot: Dmitri Shuralyov TryBot-Result: Go Bot

[release-branch.go1.16] net/http: update bundled golang.org/x/net/http2

2021-11-01T21:27:26Z

Pull in approved backports to golang.org/x/net/http2: d8c3cde set ContentLength to -1 for HEAD response with no Content-Length 7b24c0a set Response.ContentLength to 0 when headers end stream c4031f5 don't abort half-closed streams on server connection close 2f744fa on write errors, close ClientConn before returning from RoundTrip 275be3f deflake TestTransportReqBodyAfterResponse_200 d26011a close the Request's Body when aborting a stream e5dd05d return unexpected eof on empty response with non-zero content length 640e170 don't rely on system TCP buffer sizes in TestServer_MaxQueuedControlFrames 198b78c detect write-blocked PING frames 20ed279 avoid race in TestTransportReqBodyAfterResponse_403. d585ef0 avoid clientConnPool panic when NewClientConn fails d06dfc7 avoid extra GetConn trace call 1760f31 refactor request write flow 6e87631 remove PingTimeout from TestTransportPingWhenReading b843c7d fix Transport connection pool TOCTOU max concurrent stream bug ab1d67c shut down idle Transport connections after protocol errors 3741e47 remove check for read-after-close of request bodies 2df4c53 fix race in DATA frame padding refund d7eefc9 avoid blocking while holding ClientConn.mu 78e8d65 fix off-by-one error in client check for max concurrent streams 828651b close request body after early RoundTrip failures 59c0c25 limit client initial MAX_CONCURRENT_STREAMS 524fcad make Transport not reuse conns after a stream protocol error 0fe5f8a accept zero-length block fragments in HEADERS frames 0e5043f close the request body if needed bb4ce86 reduce frameScratchBuffer caching aggressiveness 3112343 also set "http/1.1" ALPN in ConfigureServer 63939f4 switch to ASCII equivalents of string functions 54161af use (*tls.Dialer).DialContext in dialTLS 75b906f discard DATA frames with higher stream IDs during graceful shutdown 1dfe517 rework Ping test to rely less on timing By doing: $ go get -d golang.org/x/net@internal-branch.go1.16-vendor go get: upgraded golang.org/x/net v0.0.0-20210901185431-d2e9a4ea682f => v0.0.0-20211101194150-d8c3cde3c676 $ go mod tidy $ go mod vendor $ go generate -run=bundle std Fixes #49076. Fixes #48822. Fixes #48649. Change-Id: Ie17f327eef2b6e6a9a1ac7635c5c4daef792e893 Reviewed-on: https://go-review.googlesource.com/c/go/+/359774 Trust: Dmitri Shuralyov Run-TryBot: Dmitri Shuralyov TryBot-Result: Go Bot Reviewed-by: Damien Neil

[release-branch.go1.16] debug/macho: fail on invalid dynamic symbol table command

2021-10-29T19:42:43Z

Fail out when loading a file that contains a dynamic symbol table command that indicates a larger number of symbols than exist in the loaded symbol table. Thanks to Burak Çarıkçı - Yunus Yıldırım (CT-Zer0 Crypttech) for reporting this issue. Updates #48990 Fixes #48991 Fixes CVE-2021-41771 Change-Id: Ic3d6e6529241afcc959544b326b21b663262bad5 Reviewed-on: https://go-review.googlesource.com/c/go/+/355990 Reviewed-by: Julie Qiu Reviewed-by: Katie Hockman Reviewed-by: Emmanuel Odeke Run-TryBot: Roland Shoemaker TryBot-Result: Go Bot Trust: Katie Hockman (cherry picked from commit 61536ec03063b4951163bd09609c86d82631fa27) Reviewed-on: https://go-review.googlesource.com/c/go/+/359454 Reviewed-by: Dmitri Shuralyov

[release-branch.go1.16] cmd/link: increase reserved space for passing env on wasm

2021-10-28T18:01:38Z

On wasm, the wasm_exec.js helper passes the command line arguments and environment variables via a reserved space in the wasm linear memory. Increase this reserved space from 4096 to 8192 bytes so more environment variables can fit into the limit. Later, after https://golang.org/cl/350737 landed, we can switch to the WASI interface for getting the arguments and environment. This would remove the limit entirely. Updates #49011. Fixes #49153. Change-Id: I48a6e952a97d33404ed692c98e9b49c5cd6b269b Reviewed-on: https://go-review.googlesource.com/c/go/+/358194 Trust: Richard Musiol Run-TryBot: Richard Musiol TryBot-Result: Go Bot Reviewed-by: Cherry Mui (cherry picked from commit 252324e879e32f948d885f787decf8af06f82be9) Reviewed-on: https://go-review.googlesource.com/c/go/+/359400 Trust: Dmitri Shuralyov Run-TryBot: Dmitri Shuralyov

[release-branch.go1.16] runtime: consistently access pollDesc r/w Gs with atomics

2021-10-28T15:31:34Z

Both netpollblock and netpollunblock read gpp using a non-atomic load. When consuming a ready event, netpollblock clears gpp using a non-atomic store, thus skipping a barrier. Thus on systems with weak memory ordering, a sequence like so this is possible: T1 T2 1. netpollblock: read gpp -> pdReady 2. netpollblock: store gpp -> 0 3. netpollunblock: read gpp -> pdReady 4. netpollunblock: return i.e., without a happens-before edge between (2) and (3), netpollunblock may read the stale value of gpp. Switch these access to use atomic loads and stores in order to create these edges. For ease of future maintainance, I've simply changed rg and wg to always be accessed atomically, though I don't believe pollOpen or pollClose require atomics today. For #48925 Fixes #49009 Change-Id: I903ea667eea320277610b4f969129935731520c3 Reviewed-on: https://go-review.googlesource.com/c/go/+/355952 Trust: Michael Pratt Run-TryBot: Michael Pratt TryBot-Result: Go Bot Reviewed-by: Michael Knyszek Reviewed-by: David Chase (cherry picked from commit 1b072b3ed56c18619587354f499fcda5279718a2) Reviewed-on: https://go-review.googlesource.com/c/go/+/356370

[release-branch.go1.16] cmd/compile: ensure constant shift amounts are in range for arm

2021-10-27T21:14:21Z

Ensure constant shift amounts are in the range [0-31]. When shift amounts are out of range, bad things happen. Shift amounts out of range occur when lowering 64-bit shifts (we take an in-range shift s in [0-63] and calculate s-32 and 32-s, both of which might be out of [0-31]). The constant shift operations themselves still work, but their shift amounts get copied unmolested to operations like ORshiftLL which use only the low 5 bits. That changes an operation like <<100 which unconditionally produces 0, to <<4, which doesn't. Fixes #48478 Change-Id: I87363ef2b4ceaf3b2e316426064626efdfbb8ee3 Reviewed-on: https://go-review.googlesource.com/c/go/+/350969 Trust: Keith Randall Run-TryBot: Keith Randall TryBot-Result: Go Bot Reviewed-by: Cherry Mui (cherry picked from commit eff27e858b771bf5e0b5e7e836827c7d2941e6d4) Reviewed-on: https://go-review.googlesource.com/c/go/+/351070 Reviewed-by: Austin Clements

[release-branch.go1.16] cmd/compile: fix simplification rules on arm/arm64

2021-10-27T20:42:13Z

Fixes #48474 Change-Id: Ic1e918f916eae223a3b530a51a58f03031924670 Reviewed-on: https://go-review.googlesource.com/c/go/+/350913 Trust: Keith Randall Run-TryBot: Keith Randall TryBot-Result: Go Bot Reviewed-by: Cherry Mui Reviewed-on: https://go-review.googlesource.com/c/go/+/351072 Reviewed-by: Austin Clements

[release-branch.go1.16] go1.16.9

2021-10-07T19:49:45Z

Change-Id: I7328dd94a85b97ec8c3ecf4f56eca9c56a6d806e Reviewed-on: https://go-review.googlesource.com/c/go/+/354593 Trust: Michael Knyszek Run-TryBot: Michael Knyszek Reviewed-by: Heschi Kreinick TryBot-Result: Go Bot

[release-branch.go1.16] misc/wasm, cmd/link: do not let command line args overwrite global data

2021-10-07T14:55:06Z

On Wasm, wasm_exec.js puts command line arguments at the beginning of the linear memory (following the "zero page"). Currently there is no limit for this, and a very long command line can overwrite the program's data section. Prevent this by limiting the command line to 4096 bytes, and in the linker ensuring the data section starts at a high enough address (8192). (Arguably our address assignment on Wasm is a bit confusing. This is the minimum fix I can come up with.) Thanks to Ben Lubar for reporting this issue. Change by Cherry Mui . For #48797 Fixes #48799 Fixes CVE-2021-38297 Change-Id: I0f50fbb2a5b6d0d047e3c134a88988d9133e4ab3 Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1205933 Reviewed-by: Roland Shoemaker Reviewed-by: Than McIntosh Reviewed-on: https://go-review.googlesource.com/c/go/+/354591 Trust: Michael Knyszek Reviewed-by: Heschi Kreinick