Fork of Go programming language with my patches. http://git.kilabit.info/go/atom?h=go1.23.1 2024-09-05T15:20:23Z 2024-09-05T15:20:23Z Gopher Robot gobot@golang.org 2024-09-05T15:06:10Z urn:sha1:69234ded30614a471c35cef5d87b0e0d3c136cd9 Change-Id: I1f2dab5560d3214c8934074a53f7750d8d431936 Reviewed-on: https://go-review.googlesource.com/c/go/+/611196 Reviewed-by: Michael Pratt <mpratt@google.com> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Commit-Queue: Gopher Robot <gobot@golang.org> TryBot-Bypass: Dmitri Shuralyov <dmitshur@google.com> Auto-Submit: Gopher Robot <gobot@golang.org> 2024-09-05T14:55:17Z Roland Shoemaker bracewell@google.com 2024-06-20T17:45:30Z urn:sha1:032ac075c20c01c6c35a672d1542d3e98eab84ea Limit the size of build constraints that we will parse. This prevents a number of stack exhaustions that can be hit when parsing overly complex constraints. The imposed limits are unlikely to ever be hit in real world usage. Updates #69141 Fixes #69149 Fixes CVE-2024-34158 Change-Id: I38b614bf04caa36eefc6a4350d848588c4cef3c4 Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/1540 Reviewed-by: Damien Neil <dneil@google.com> Reviewed-by: Russ Cox <rsc@google.com> (cherry picked from commit 0c74dc9e0da0cf1e12494b514d822b5bebbc9f04) Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/1562 Commit-Queue: Roland Shoemaker <bracewell@google.com> Reviewed-by: Tatiana Bradley <tatianabradley@google.com> Reviewed-on: https://go-review.googlesource.com/c/go/+/611177 Reviewed-by: Michael Pratt <mpratt@google.com> TryBot-Bypass: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Auto-Submit: Dmitri Shuralyov <dmitshur@google.com> 2024-09-05T14:55:14Z Roland Shoemaker bracewell@google.com 2024-05-03T13:21:39Z urn:sha1:fa8ff1a46deb6c816304441ec6740ec112e19012 This change makes sure that we are properly checking the ignored field recursion depth in decIgnoreOpFor consistently. This prevents stack exhaustion when attempting to decode a message that contains an extremely deeply nested struct which is ignored. Thanks to Md Sakib Anwar of The Ohio State University (anwar.40@osu.edu) for reporting this issue. Updates #69139 Fixes #69145 Fixes CVE-2024-34156 Change-Id: Iacce06be95a5892b3064f1c40fcba2e2567862d6 Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/1440 Reviewed-by: Russ Cox <rsc@google.com> Reviewed-by: Damien Neil <dneil@google.com> (cherry picked from commit 9f2ea73c5f2a7056b7da5d579a485a7216f4b20a) Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/1581 Commit-Queue: Roland Shoemaker <bracewell@google.com> Reviewed-by: Tatiana Bradley <tatianabradley@google.com> Reviewed-on: https://go-review.googlesource.com/c/go/+/611176 Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Auto-Submit: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: Michael Pratt <mpratt@google.com> TryBot-Bypass: Dmitri Shuralyov <dmitshur@google.com> 2024-09-05T14:55:11Z Roland Shoemaker bracewell@google.com 2024-06-10T22:34:12Z urn:sha1:53487e5477151ed75da50e50a0ba8f1ca64c00a3 Prevents stack exhaustion with extremely deeply nested literal values, i.e. field values in structs. Updates #69138 Fixes #69143 Fixes CVE-2024-34155 Change-Id: I2e8e33b44105cc169d7ed1ae83fb56df0c10f1ee Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/1520 Reviewed-by: Robert Griesemer <gri@google.com> Reviewed-by: Damien Neil <dneil@google.com> Reviewed-by: Russ Cox <rsc@google.com> (cherry picked from commit eb1b038c0d01761694e7a735ef87ac9164c6568e) Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/1560 Commit-Queue: Roland Shoemaker <bracewell@google.com> Reviewed-by: Tatiana Bradley <tatianabradley@google.com> Reviewed-on: https://go-review.googlesource.com/c/go/+/611175 Auto-Submit: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> TryBot-Bypass: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: Michael Pratt <mpratt@google.com> 2024-08-29T00:09:27Z Michael Pratt mpratt@google.com 2024-08-28T21:45:44Z urn:sha1:3d1f1f27cf2f524dc17697f8058162ada850d61e Update x/telemetry to fix #68976 and #68946. Commands run: go get golang.org/x/telemetry@internal-branch.go1.23-vendor go mod tidy go mod vendor Fixes #68994. Fixes #68995. Change-Id: I63b892ad4c313aa92f21fbd4f519a0b19d725849 Reviewed-on: https://go-review.googlesource.com/c/go/+/609355 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Michael Pratt <mpratt@google.com> Reviewed-by: Robert Findley <rfindley@google.com> 2024-08-28T18:37:00Z Nic Klaassen nic@nicklaassen.ca 2024-08-22T23:37:00Z urn:sha1:6de5a7180cc6459235895c76c792a7f15be5625d The current implementation has a panic when the database is closed concurrently with a new connection attempt. connRequestSet.CloseAndRemoveAll sets connRequestSet.s to a nil slice. If this happens between calls to connRequestSet.Add and connRequestSet.Delete, there is a panic when trying to write to the nil slice. This is sequence is likely to occur in DB.conn, where the mutex is released between calls to db.connRequests.Add and db.connRequests.Delete This change updates connRequestSet.CloseAndRemoveAll to set the curIdx to -1 for all pending requests before setting its internal slice to nil. CloseAndRemoveAll already iterates the full slice to close all the request channels. It seems appropriate to set curIdx to -1 before deleting the slice for 3 reasons: 1. connRequestSet.deleteIndex also sets curIdx to -1 2. curIdx will not be relevant to anything after the slice is set to nil 3. connRequestSet.Delete already checks for negative indices For #68949 Fixes #69041 Change-Id: I6b7ebc5a71b67322908271d13865fa12f2469b87 GitHub-Last-Rev: 7d2669155b24043dd9d276f915689511572f2e49 GitHub-Pull-Request: golang/go#68953 Reviewed-on: https://go-review.googlesource.com/c/go/+/607238 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Ian Lance Taylor <iant@golang.org> Commit-Queue: Ian Lance Taylor <iant@golang.org> Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org> Reviewed-by: Cherry Mui <cherryyz@google.com> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> (cherry picked from commit 08707d66c350927560faa11b0c195d37d281ab89) Reviewed-on: https://go-review.googlesource.com/c/go/+/609255 2024-08-28T18:10:23Z Tim King taking@google.com 2024-08-15T23:48:42Z urn:sha1:9625a7faaefd85ce9dd0b7efbaad7731c2018200 Unalias the ~T terms during underIs. Before, if T was an alias of U, it may pass T to the iteration function. The iterator function expects an underlying type, under(U), to be passed. This caused several bugs where underIs is used without eventually taking the underlying type. Fixes #68905 Change-Id: Ie8691d8dddaea00e1dcba94d17c0f1b021fc49a2 Reviewed-on: https://go-review.googlesource.com/c/go/+/606075 Reviewed-by: Robert Griesemer <gri@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Robert Findley <rfindley@google.com> (cherry picked from commit 1a90dcdaaf46d9dd0ee61781dcb9b6e05b80d926) Reviewed-on: https://go-review.googlesource.com/c/go/+/607635 2024-08-28T17:42:20Z Michael Anthony Knyszek mknyszek@google.com 2024-08-27T15:34:10Z urn:sha1:9c939a1e60ba1fa89251b5ef43793542aa68ff4e As of CL 580255, the runtime tracks the frame pointer (or base pointer, bp) when entering syscalls, so that we can use fpTracebackPCs on goroutines that are sitting in syscalls. That CL mostly got things right, but missed one very subtle detail. When calling from Go->C->Go, the goroutine stack performing the calls when returning to Go is free to move around in memory due to growth, shrinking, etc. But upon returning back to C, it needs to restore gp.syscall*, including gp.syscallsp and gp.syscallbp. The way syscallsp currently gets updated is automagically: it's stored as an unsafe.Pointer on the stack so that it shows up in a stack map. If the stack ever moves, it'll get updated correctly. But gp.syscallbp isn't saved to the stack as an unsafe.Pointer, but rather as a uintptr, so it never gets updated! As a result, in rare circumstances, fpTracebackPCs can correctly try to use gp.syscallbp as the starting point for the traceback, but the value is stale. This change fixes the problem by just storing gp.syscallbp to the stack on cgocallback as an unsafe.Pointer, like gp.syscallsp. It also adds a comment documenting this subtlety; the lack of explanation for the unsafe.Pointer type on syscallsp meant this detail was missed -- let's not miss it again in the future. Now, we have a fix, what about a test? Unfortunately, testing this is going to be incredibly annoying because the circumstances under which gp.syscallbp are actually used for traceback are non-deterministic and hard to arrange, especially from within testprogcgo where we don't have export_test.go and can't reach into the runtime. So, instead, add a gp.syscallbp check to reentersyscall and entersyscallblock that mirrors the gp.syscallbp consistency check. This probably causes some miniscule slowdown to the syscall path, but it'll catch the issue without having to actually perform a traceback. For #69085. Fixes #69087. Change-Id: Iaf771758f1666024b854f5fbe2b2c63cbe35b201 Reviewed-on: https://go-review.googlesource.com/c/go/+/608775 Reviewed-by: Nick Ripley <nick.ripley@datadoghq.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Michael Pratt <mpratt@google.com> Reviewed-by: Cherry Mui <cherryyz@google.com> (cherry picked from commit 54fe0fd43fcf8609666c16ae6d15ed92873b1564) Reviewed-on: https://go-review.googlesource.com/c/go/+/608835 2024-08-28T15:43:17Z Michael Matloob matloob@golang.org 2024-08-16T19:13:39Z urn:sha1:7afe17bbdb961df3a7163f4d725bedc1c008571f Change the rules for how //go:build "file versions" are applied: instead of considering whether a file version is an upgrade or downgrade from the -lang version, always use max(fileVersion, go1.21). This prevents file versions from downgrading the version below go1.21. Before Go 1.21 the //go:build version did not have the meaning of setting the file's langage version. This fixes an issue that was appearing in GOPATH builds: Go 1.23.0 started providing -lang versions to the compiler in GOPATH mode (among other places) which it wasn't doing before, and it set -lang to the toolchain version (1.23). Because the -lang version was greater than go1.21, language version used to compile the file would be set to the //go:build file version. //go:build file versions below 1.21 could cause files that could previously build to stop building. For example, take a Go file with a //go:build line specifying go1.10. If that file used a 1.18 feature, that use would compile fine with a Go 1.22 toolchain. But it would produce an error when compiling with the 1.23.0 toolchain because it set the language version to 1.10 and disallowed the 1.18 feature. This breaks backwards compatibility: when the build tag was added, it did not have the meaning of restricting the language version. For #68658 Fixes #69094 Change-Id: I6cedda81a55bcccffaa3501eef9e2be6541b6ece Reviewed-on: https://go-review.googlesource.com/c/go/+/607955 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Robert Griesemer <gri@google.com> (cherry picked from commit aeac0b6cbfb42bc9c9301913a191bb09454d316a) Reviewed-on: https://go-review.googlesource.com/c/go/+/608935 2024-08-21T20:26:47Z Paul E. Murphy murp@ibm.com 2024-08-19T20:08:14Z urn:sha1:8002845759484ad55c8194199ec065d228ede6b2 The AIX ABI requires allocating parameter save space when calling a function, even if the arguments are passed via registers. gcc sometimes uses this space. In the case of the cgo c-archive tests, it clobbered the storage space of argc/argv which prevented the test program from running the expected test. Fixes #68973 Change-Id: I8a267b463b1abb2b37ac85231f6c328f406b7515 Reviewed-on: https://go-review.googlesource.com/c/go/+/606895 Reviewed-by: Ian Lance Taylor <iant@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Cherry Mui <cherryyz@google.com> Run-TryBot: Paul Murphy <murp@ibm.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-on: https://go-review.googlesource.com/c/go/+/607195 Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>