Fork of Go programming language with my patches. http://git.kilabit.info/go/atom?h=go1.19.2 2022-10-04T17:43:19Z 2022-10-04T17:43:19Z Gopher Robot gobot@golang.org 2022-10-04T17:10:28Z urn:sha1:895664482c0ebe5cec4a6935615a1e9610bbf1e3 Change-Id: Ia5de3a0fa07f212c5c19f9e01b0ed2cfab739e95 Reviewed-on: https://go-review.googlesource.com/c/go/+/438598 Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: Carlos Amedee <carlos@golang.org> Auto-Submit: Gopher Robot <gobot@golang.org> Run-TryBot: Gopher Robot <gobot@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org> 2022-10-04T17:08:16Z Russ Cox rsc@golang.org 2022-09-28T15:18:51Z urn:sha1:645abfe529dc325e16daa17210640c2907d1c17a Set a 128 MB limit on the amount of space used by []syntax.Inst in the compiled form corresponding to a given regexp. Also set a 128 MB limit on the rune storage in the *syntax.Regexp tree itself. Thanks to Adam Korczynski (ADA Logics) and OSS-Fuzz for reporting this issue. Fixes CVE-2022-41715. Updates #55949. Fixes #55951. Change-Id: Ia656baed81564436368cf950e1c5409752f28e1b Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1592047 Reviewed-by: Julie Qiu <julieqiu@google.com> Reviewed-by: Damien Neil <dneil@google.com> Run-TryBot: Roland Shoemaker <bracewell@google.com> TryBot-Result: Security TryBots <security-trybots@go-security-trybots.iam.gserviceaccount.com> Reviewed-on: https://go-review.googlesource.com/c/go/+/438499 Reviewed-by: Carlos Amedee <carlos@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Run-TryBot: Carlos Amedee <carlos@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org> 2022-10-04T17:07:45Z Damien Neil dneil@google.com 2022-09-03T03:45:18Z urn:sha1:4fa773cdefd20be093c84f731be7d4febf5536fa Set a 1MiB limit on special file blocks (PAX headers, GNU long names, GNU link names), to avoid reading arbitrarily large amounts of data into memory. Thanks to Adam Korczynski (ADA Logics) and OSS-Fuzz for reporting this issue. Fixes CVE-2022-2879 Updates #54853 Fixes #55926 Change-Id: I85136d6ff1e0af101a112190e027987ab4335680 Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1565555 Reviewed-by: Tatiana Bradley <tatianabradley@google.com> Run-TryBot: Roland Shoemaker <bracewell@google.com> Reviewed-by: Roland Shoemaker <bracewell@google.com> (cherry picked from commit 6ee768cef6b82adf7a90dcf367a1699ef694f3b2) Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1591053 Reviewed-by: Julie Qiu <julieqiu@google.com> Reviewed-by: Damien Neil <dneil@google.com> Reviewed-on: https://go-review.googlesource.com/c/go/+/438498 TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: Carlos Amedee <carlos@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org> Run-TryBot: Carlos Amedee <carlos@golang.org> 2022-09-28T16:36:28Z Damien Neil dneil@google.com 2022-09-22T20:32:00Z urn:sha1:f6d844510d5f1e3b3098eba255d9b633d45eac3b Query parameter smuggling occurs when a proxy's interpretation of query parameters differs from that of a downstream server. Change ReverseProxy to avoid forwarding ignored query parameters. Remove unparsable query parameters from the outbound request * if req.Form != nil after calling ReverseProxy.Director; and * before calling ReverseProxy.Rewrite. This change preserves the existing behavior of forwarding the raw query untouched if a Director hook does not parse the query by calling Request.ParseForm (possibly indirectly). Fixes #55843 For #54663 For CVE-2022-2880 Change-Id: If1621f6b0e73a49d79059dae9e6b256e0ff18ca9 Reviewed-on: https://go-review.googlesource.com/c/go/+/432976 Reviewed-by: Roland Shoemaker <roland@golang.org> Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org> Run-TryBot: Damien Neil <dneil@google.com> Reviewed-on: https://go-review.googlesource.com/c/go/+/433735 Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> 2022-09-21T22:25:31Z Cuong Manh Le cuong.manhle.vn@gmail.com 2022-09-16T03:41:15Z urn:sha1:2614985ef7d252004c8bd2edddb7314446964874 Now we have 8-byte alignment types on 32-bit system, so in some rare case, e.g, generated wrapper for embedded interface, the function argument may need more than 4 byte alignment. We could pad somehow, but this is a rare case which makes it hard to ensure that we've got it right. So relaxing the check for argument and return value region of the stack. Fixes #55152 Change-Id: I34986e17a920254392a39439ad3dcb323da2ea8d Reviewed-on: https://go-review.googlesource.com/c/go/+/431098 Reviewed-by: Keith Randall <khr@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Cherry Mui <cherryyz@google.com> Run-TryBot: Cuong Manh Le <cuong.manhle.vn@gmail.com> Auto-Submit: Keith Randall <khr@golang.org> Reviewed-by: Keith Randall <khr@google.com> Reviewed-on: https://go-review.googlesource.com/c/go/+/431895 2022-09-21T21:03:45Z Matthew Dempsky mdempsky@google.com 2022-09-08T21:31:42Z urn:sha1:3747bb2482b7ffccd7eafcf3be1df2de97427c1c The nounified frontend currently tries to construct dictionaries that correspond to invalid instantiations (i.e., instantiations T[X] where X does not satisfy the constraints specified on T's type parameter). As a consequence, we may fail to find method expressions needed by the dictionary. The real fix for this is to avoid creating those dictionaries in the first place, because they should never actually be needed at runtime. But that seems scary for a backport: we've repeatedly attempted to backport generics fixes, which have fixed one issue but introduced another. This CL is a minimally invasive solution to #54225, which avoids the ICE by instead skipping emitting the invalid dictionary. If the dictionary ends up not being needed (which I believe will always be the case), then the linker's reachability analysis will simply ignore its absence. Or worst case, if the dictionary *is* reachable somehow, we've simply turned an ICE into a link-time missing symbol failure. That's not great for user experience, but it seems like a small trade off to avoid risking breaking any other currently working code. Fixes #55270. Change-Id: Ic379696079f4729b1dd6a66994a58cca50281a84 Reviewed-on: https://go-review.googlesource.com/c/go/+/429655 Reviewed-by: Michael Knyszek <mknyszek@google.com> Reviewed-by: Keith Randall <khr@golang.org> Run-TryBot: Matthew Dempsky <mdempsky@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Cuong Manh Le <cuong.manhle.vn@gmail.com> Reviewed-on: https://go-review.googlesource.com/c/go/+/429895 Reviewed-by: Keith Randall <khr@google.com> 2022-09-21T21:01:06Z Cherry Mui cherryyz@google.com 2022-09-15T01:01:04Z urn:sha1:11728b38dc05b3b82fe5b98b0b5ce7263a3758aa Apparently the new darwin linker starts to emit a warning about -no_pie deprecation. Maybe we want to switch to PIE by default. For now, suppress the warning. This also makes it easier for backporting to previous releases. Fixes #55114. Updates #55112, #54482. Change-Id: I1a3b74c237a9d00ec3b030fc3a9940a31e5cd37e Reviewed-on: https://go-review.googlesource.com/c/go/+/430937 Run-TryBot: Cherry Mui <cherryyz@google.com> Reviewed-by: Than McIntosh <thanm@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> (cherry picked from commit 706d84fca2b36fdf670a0d921e6a8a3b481eaa05) Reviewed-on: https://go-review.googlesource.com/c/go/+/431517 2022-09-21T20:30:26Z Cherry Mui cherryyz@google.com 2022-09-14T23:50:00Z urn:sha1:064f34f048f7d47c786a13b50d13b973bb9feeda We added -pagezero_size in CL 72730, where it was intented for iOS. The current code passes it only on macOS/AMD64 instead. It is not really necessary there. Also, the new darwin linker starts to emit a warning about deprecation of the flag. Stop passing it. For #55114. Updates #55112, #54482. Change-Id: If9db7a1645c37d4284e48f075856912df8d8c1a0 Reviewed-on: https://go-review.googlesource.com/c/go/+/430936 TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Than McIntosh <thanm@google.com> Run-TryBot: Cherry Mui <cherryyz@google.com> (cherry picked from commit 5231ba2f054f2ecb1387bad00b8745d6fe532ea4) Reviewed-on: https://go-review.googlesource.com/c/go/+/431515 Reviewed-by: Austin Clements <austin@google.com> 2022-09-21T20:26:19Z Robert Griesemer gri@golang.org 2022-09-12T22:51:32Z urn:sha1:a366ed5982d674d7e468ccc5f8b6c5b8a402a00a Includes cases where the core type of the variadic parameter is a slice or bytestring. Permits a client to create the signature for various instantiations of append. Fixes #55149. Change-Id: I0f4983eb00c088cbe1d87954ee0b2df0ccc3bc49 Reviewed-on: https://go-review.googlesource.com/c/go/+/430455 TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Robert Findley <rfindley@google.com> Auto-Submit: Robert Griesemer <gri@google.com> Reviewed-by: Robert Griesemer <gri@google.com> Run-TryBot: Robert Griesemer <gri@google.com> Reviewed-on: https://go-review.googlesource.com/c/go/+/431935 2022-09-21T20:24:34Z Keith Randall khr@golang.org 2022-09-17T22:52:35Z urn:sha1:4b0e03da0e0c096b8e695d9e564a8ceac99f2d76 The type of the source and destination of a memmove call isn't always accurate. It will always be a pointer (or an unsafe.Pointer), but the base type might not be accurate. This comes about because multiple copies of a pointer with different base types are coalesced into a single value. In the failing example, the IData selector of the input argument is a *[32]byte in one branch of the type switch, and a *[]byte in the other branch. During the expand_calls pass both IDatas become just copies of the input register. Those copies are deduped and an arbitrary one wins (in this case, *[]byte is the unfortunate winner). Generally an op v can rely on v.Type during rewrite rules. But relying on v.Args[i].Type is discouraged. Fixes #55124 Change-Id: I348fd9accf2058a87cd191eec01d39cda612f120 Reviewed-on: https://go-review.googlesource.com/c/go/+/431496 TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Cherry Mui <cherryyz@google.com> Run-TryBot: Keith Randall <khr@golang.org> Reviewed-by: Cuong Manh Le <cuong.manhle.vn@gmail.com> Reviewed-by: Keith Randall <khr@google.com> (cherry picked from commit e283473ebbebf4a80db166e7e852d03c5cff1a61) Reviewed-on: https://go-review.googlesource.com/c/go/+/431917