Fork of Go programming language with my patches. http://git.kilabit.info/go/atom?h=go1.23.12 2025-08-06T18:08:58Z 2025-08-06T18:08:58Z Gopher Robot gobot@golang.org 2025-08-06T18:05:37Z urn:sha1:dd8b7ad9268c2fbde675132a41b4e4da02eef94d Change-Id: Ibd36536a8c9d9c8d90f466d420a30d4e3162ff25 Reviewed-on: https://go-review.googlesource.com/c/go/+/693698 TryBot-Bypass: Gopher Robot <gobot@golang.org> Auto-Submit: Gopher Robot <gobot@golang.org> Reviewed-by: Mark Freeman <markfreeman@google.com> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> 2025-08-06T17:51:00Z Damien Neil dneil@google.com 2025-07-23T21:26:54Z urn:sha1:8a924caaf348fdc366bab906424616b2974ad4e9 A database/sql/driver.Rows can return database-owned data from Rows.Next. The driver.Rows documentation doesn't explicitly document the lifetime guarantees for this data, but a reasonable expectation is that the caller of Next should only access it until the next call to Rows.Close or Rows.Next. Avoid violating that constraint when a query is cancelled while a call to database/sql.Rows.Scan (note the difference between the two different Rows types!) is in progress. We previously took care to avoid closing a driver.Rows while the user has access to driver-owned memory via a RawData, but we could still close a driver.Rows while a Scan call was in the process of reading previously-returned driver-owned data. Update the fake DB used in database/sql tests to invalidate returned data to help catch other places we might be incorrectly retaining it. Updates #74831 Fixes #74832 Change-Id: Ice45b5fad51b679c38e3e1d21ef39156b56d6037 Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2540 Reviewed-by: Roland Shoemaker <bracewell@google.com> Reviewed-by: Neal Patel <nealpatel@google.com> Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2601 Reviewed-on: https://go-review.googlesource.com/c/go/+/693558 TryBot-Bypass: Dmitri Shuralyov <dmitshur@golang.org> Reviewed-by: Mark Freeman <markfreeman@google.com> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Auto-Submit: Dmitri Shuralyov <dmitshur@google.com> 2025-07-30T20:35:04Z Olivier Mengué olivier.mengue@gmail.com 2025-06-30T14:58:59Z urn:sha1:8fa31a2d7d9e60c50a3a94080c097b6e65773f4b Fix incorrect expansion of "" and "." when $PATH contains an executable file or, on Windows, a parent directory of a %PATH% element contains an file with the same name as the %PATH% element but with one of the %PATHEXT% extension (ex: C:\utils\bin is in PATH, and C:\utils\bin.exe exists). Fix incorrect expansion of ".." when $PATH contains an element which is an the concatenation of the path to an executable file (or on Windows a path that can be expanded to an executable by appending a %PATHEXT% extension), a path separator and a name. "", "." and ".." are now rejected early with ErrNotFound. Fixes CVE-2025-47906 Fixes #74803 Change-Id: Ie50cc0a660fce8fbdc952a7f2e05c36062dcb50e Reviewed-on: https://go-review.googlesource.com/c/go/+/685755 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Damien Neil <dneil@google.com> Reviewed-by: Roland Shoemaker <roland@golang.org> Reviewed-by: Damien Neil <dneil@google.com> (cherry picked from commit e0b07dc22eaab1b003d98ad6d63cdfacc76c5c70) Reviewed-on: https://go-review.googlesource.com/c/go/+/691855 Reviewed-by: Michael Knyszek <mknyszek@google.com> 2025-07-28T17:45:08Z Keith Randall khr@golang.org 2025-07-21T17:09:35Z urn:sha1:e8794e650e05fad07a33fb6e3266a9e677d13fa8 That way, the frame is atomically popped. Previously, for big frames the SP was unwound in two steps (because arm64 can only add constants up to 1<<12 in a single instruction). Fixes #74693 Change-Id: I382c249194ad7bc9fc19607c27487c58d90d49e5 Reviewed-on: https://go-review.googlesource.com/c/go/+/689235 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Michael Pratt <mpratt@google.com> Reviewed-by: Keith Randall <khr@google.com> (cherry picked from commit f7cc61e7d7f77521e073137c6045ba73f66ef902) Reviewed-on: https://go-review.googlesource.com/c/go/+/689595 2025-07-28T17:45:01Z Dmitri Shuralyov dmitshur@golang.org 2025-07-23T18:01:42Z urn:sha1:6c9c80b61198430eedfd02c98d4f5baf8abd085e The failure is understood. Skip the test since it's failing without producing new information. For #73922. Fixes #74721. Change-Id: I339882e1a9772255b185a33daf8dee97f764f830 Reviewed-on: https://go-review.googlesource.com/c/go/+/689917 TryBot-Bypass: Dmitri Shuralyov <dmitshur@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: Michael Matloob <matloob@golang.org> Reviewed-by: Michael Knyszek <mknyszek@google.com> 2025-07-24T19:45:57Z Michael Anthony Knyszek mknyszek@google.com 2024-10-31T20:41:51Z urn:sha1:cea5be7739cb572204e4f41dd19f8bbbfc634034 Ever since we had to upgrade from our COS image, we've been experiencing TSAN test failures. My best guess is that the ASLR randomization entropy increased, causing TSAN to fail. TSAN already re-execs itself in Clang 18+ with ASLR disabled, so just execute the tests with ASLR disabled on Linux. For #59418. Fixes #74726. Change-Id: Icb4536ddf0f2f5e7850734564d40f5a208ab8d01 Cq-Include-Trybots: luci.golang.try:go1.23-linux-386,go1.23-linux-386-clang15,go1.23-linux-amd64-clang15,go1.23-linux-amd64-boringcrypto,go1.23-linux-amd64-goamd64v3 Reviewed-on: https://go-review.googlesource.com/c/go/+/623956 Reviewed-by: Ian Lance Taylor <iant@golang.org> Reviewed-by: Keith Randall <khr@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> (cherry picked from commit b813e6fd73e0925ca57f5b3ff6b0d991bb2e5aea) Reviewed-on: https://go-review.googlesource.com/c/go/+/690035 Reviewed-by: Michael Knyszek <mknyszek@google.com> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> 2025-07-10T17:03:05Z Michael Pratt mpratt@google.com 2025-06-27T21:21:20Z urn:sha1:317a3c130e3b59171b3bd90e7a469fba76582444 findRunnable takes a snapshot of allp prior to dropping the P because afterwards procresize may mutate allp without synchronization. procresize is careful to never mutate the contents up to cap(allp), so findRunnable can still safely access the Ps in the slice. Unfortunately, growing allp is problematic. If procresize grows the allp backing array, it drops the reference to the old array. allpSnapshot still refers to the old array, but allpSnapshot is on the system stack in findRunnable, which also likely no longer has a P at all. This means that a future GC will not find the reference and can free the array and use it for another allocation. This would corrupt later reads that findRunnable does from the array. The fix is simple: the M struct itself is reachable by the GC, so we can stash the snapshot in the M to ensure it is visible to the GC. The ugliest part of the CL is the cleanup when we are done with the snapshot because there are so many return/goto top sites. I am tempted to put mp.clearAllpSnapshot() in the caller and at top to make this less error prone, at the expensive of extra unnecessary writes. For #74414. Fixes #74415. Change-Id: I6a6a636c484e4f4b34794fd07910b3fffeca830b Reviewed-on: https://go-review.googlesource.com/c/go/+/684460 Reviewed-by: Cherry Mui <cherryyz@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Michael Pratt <mpratt@google.com> (cherry picked from commit 740857f529ce4074c7f9aa1d6f38db8c4a00246c) Reviewed-on: https://go-review.googlesource.com/c/go/+/685075 2025-07-08T17:00:23Z Gopher Robot gobot@golang.org 2025-07-08T16:35:25Z urn:sha1:0a75dd7c2dcf7057ef200290d8f5c4c1514dba80 Change-Id: I5fbdef19b5cb5f9f570f2b7d06e6c94400a0a17f Reviewed-on: https://go-review.googlesource.com/c/go/+/686437 Reviewed-by: Carlos Amedee <carlos@golang.org> Reviewed-by: David Chase <drchase@google.com> Auto-Submit: Gopher Robot <gobot@golang.org> TryBot-Bypass: Gopher Robot <gobot@golang.org> 2025-07-08T16:29:10Z Roland Shoemaker bracewell@google.com 2025-06-09T18:23:46Z urn:sha1:e9d2c032b14c17083be0f8f0c822565199d2994f Removes the somewhat redundant vcs.FromDir, "allowNesting" argument, which was always enabled, and disallow multiple VCS metadata folders being present in a single directory. This makes VCS injection attacks much more difficult. Also adds a GODEBUG, allowmultiplevcs, which re-enables this behavior. Thanks to RyotaK (https://ryotak.net) of GMO Flatt Security Inc for reporting this issue. Updates #74380 Fixes #74382 Fixes CVE-2025-4674 Change-Id: I2db79f2baacfacfec331ee7c6978c4057d483eba Reviewed-on: https://go-review.googlesource.com/c/go/+/686337 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: David Chase <drchase@google.com> Reviewed-by: Carlos Amedee <carlos@golang.org> Commit-Queue: Carlos Amedee <carlos@golang.org> 2025-06-27T17:20:55Z Cherry Mui cherryyz@google.com 2025-06-26T19:46:31Z urn:sha1:e919b332534b520da300ecc84330dfaeede7669d Currently, if there is a BSS reference and a DATA symbol definition with the same name, we pick the DATA symbol, as it contains the right content. In this case, if the BSS reference has a larger size, we error out, because it is not safe to access a smaller symbol as if it has a larger size. Sometimes code declares a global variable in Go and defines it in assembly with content. They are expected to be of the same size. However, in ASAN mode, we insert a red zone for the variable on the Go side, making it have a larger size, whereas the assembly symbol is unchanged. This causes the Go reference (BSS) has a larger size than the assembly definition (DATA). It results in an error currently. This code is valid and safe, so we should permit that. We support this case by increasing the symbol size to match the larger size (of the BSS side). The symbol content (from the DATA side) is kept. In some sense, we merge the two symbols. When loading symbols, it is not easy to change its size (as the object file may be mapped read-only), so we add it to a fixup list, and fix it up later after all Go symbols are loaded. This is a very rare case, so the list should not be long. We could limit this to just ASAN mode. But it seems okay to allow this in general. As long as the symbol has the larger size, it is safe to access it with the larger size. Updates #74314. Fixes #74402. Change-Id: I3ee6e46161d8f59500e2b81befea11e563355a57 Reviewed-on: https://go-review.googlesource.com/c/go/+/684236 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: David Chase <drchase@google.com> (cherry picked from commit 0f8ab2db177baee7b04182f5641693df3b212aa9) Reviewed-on: https://go-review.googlesource.com/c/go/+/684456 Auto-Submit: Dmitri Shuralyov <dmitshur@google.com>