Fork of Go programming language with my patches. http://git.kilabit.info/go/atom?h=go1.24.6 2025-08-06T18:07:24Z 2025-08-06T18:07:24Z Gopher Robot gobot@golang.org 2025-08-06T18:00:41Z urn:sha1:7f36edc26d4e3becb6d9c9008ff00f260bb19055 Change-Id: I01fc50fa6e6ea1bd93cbbd17885a8934bf97b223 Reviewed-on: https://go-review.googlesource.com/c/go/+/693715 Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Auto-Submit: Gopher Robot <gobot@golang.org> TryBot-Bypass: Gopher Robot <gobot@golang.org> Reviewed-by: Mark Freeman <markfreeman@google.com> 2025-08-06T17:49:43Z Damien Neil dneil@google.com 2025-07-23T21:26:54Z urn:sha1:83b4a5db240960720e51b7d5a6da1f399bd868ee A database/sql/driver.Rows can return database-owned data from Rows.Next. The driver.Rows documentation doesn't explicitly document the lifetime guarantees for this data, but a reasonable expectation is that the caller of Next should only access it until the next call to Rows.Close or Rows.Next. Avoid violating that constraint when a query is cancelled while a call to database/sql.Rows.Scan (note the difference between the two different Rows types!) is in progress. We previously took care to avoid closing a driver.Rows while the user has access to driver-owned memory via a RawData, but we could still close a driver.Rows while a Scan call was in the process of reading previously-returned driver-owned data. Update the fake DB used in database/sql tests to invalidate returned data to help catch other places we might be incorrectly retaining it. Updates #74831 Fixes #74833 Change-Id: Ice45b5fad51b679c38e3e1d21ef39156b56d6037 Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2540 Reviewed-by: Roland Shoemaker <bracewell@google.com> Reviewed-by: Neal Patel <nealpatel@google.com> Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2620 Reviewed-on: https://go-review.googlesource.com/c/go/+/693616 Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Auto-Submit: Dmitri Shuralyov <dmitshur@google.com> TryBot-Bypass: Dmitri Shuralyov <dmitshur@golang.org> Reviewed-by: Mark Freeman <markfreeman@google.com> 2025-07-30T20:59:28Z Olivier Mengué olivier.mengue@gmail.com 2025-06-30T14:58:59Z urn:sha1:0f5133b742bf61cda6c98b4cd1d313a330f13f32 Fix incorrect expansion of "" and "." when $PATH contains an executable file or, on Windows, a parent directory of a %PATH% element contains an file with the same name as the %PATH% element but with one of the %PATHEXT% extension (ex: C:\utils\bin is in PATH, and C:\utils\bin.exe exists). Fix incorrect expansion of ".." when $PATH contains an element which is an the concatenation of the path to an executable file (or on Windows a path that can be expanded to an executable by appending a %PATHEXT% extension), a path separator and a name. "", "." and ".." are now rejected early with ErrNotFound. Fixes CVE-2025-47906 Fixes #74804 Change-Id: Ie50cc0a660fce8fbdc952a7f2e05c36062dcb50e Reviewed-on: https://go-review.googlesource.com/c/go/+/685755 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Damien Neil <dneil@google.com> Reviewed-by: Roland Shoemaker <roland@golang.org> Reviewed-by: Damien Neil <dneil@google.com> (cherry picked from commit e0b07dc22eaab1b003d98ad6d63cdfacc76c5c70) Reviewed-on: https://go-review.googlesource.com/c/go/+/691875 Reviewed-by: Michael Knyszek <mknyszek@google.com> 2025-07-30T18:54:02Z Keith Randall khr@golang.org 2025-07-21T17:09:35Z urn:sha1:6e1c4529e4e00ab58572deceab74cc4057e6f0b6 That way, the frame is atomically popped. Previously, for big frames the SP was unwound in two steps (because arm64 can only add constants up to 1<<12 in a single instruction). Fixes #74694 Change-Id: I382c249194ad7bc9fc19607c27487c58d90d49e5 Reviewed-on: https://go-review.googlesource.com/c/go/+/689235 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Michael Pratt <mpratt@google.com> Reviewed-by: Keith Randall <khr@google.com> (cherry picked from commit f7cc61e7d7f77521e073137c6045ba73f66ef902) Reviewed-on: https://go-review.googlesource.com/c/go/+/689596 2025-07-30T18:52:37Z qmuntal quimmuntal@gmail.com 2025-07-24T13:38:35Z urn:sha1:731de13dc37dead19bb02917447d1cd8991f7eda TestImpersonated and TestGroupIdsTestUser are flaky due to sporadic failures when creating the test user account when running the tests from different processes at the same time. This flakiness can be fixed by using a random name for the test user account. For #73523. Fixes #74760. Cq-Include-Trybots: luci.golang.try:go1.24-windows-amd64-longtest Change-Id: Ib2283a888437420502b1c11d876c975f5af4bc03 Reviewed-on: https://go-review.googlesource.com/c/go/+/690175 Auto-Submit: Quim Muntal <quimmuntal@gmail.com> Reviewed-by: Michael Pratt <mpratt@google.com> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> TryBot-Bypass: Dmitri Shuralyov <dmitshur@golang.org> (cherry picked from commit 374e3be2eb9b546ef1340f750e343c15a8f87dde) Reviewed-on: https://go-review.googlesource.com/c/go/+/690556 Reviewed-by: Mark Freeman <mark@golang.org> Reviewed-by: Quim Muntal <quimmuntal@gmail.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Dmitri Shuralyov <dmitshur@google.com> 2025-07-10T17:03:34Z Michael Anthony Knyszek mknyszek@google.com 2025-03-21T16:26:15Z urn:sha1:390ffce7d60abf7d5317c0a78beef64affd0059a CL 614257 refactored mallocgc but lost an optimization: if a span for a large object is already backed by memory fresh from the OS (and thus zeroed), we don't need to zero it. CL 614257 unconditionally zeroed spans for large objects that contain pointers. This change restores the optimization from before CL 614257, which seems to matter in some real-world programs. While we're here, let's also fix a hole with the garbage collector being able to observe uninitialized memory of the large object is observed by the conservative scanner before being published. The gory details are in a comment in heapSetTypeLarge. In short, this change makes span.largeType an atomic variable, such that the GC can only observe initialized memory if span.largeType != nil. For #72991. Fixes #73800. Change-Id: I2048aeb220ab363d252ffda7d980b8788e9674dc Reviewed-on: https://go-review.googlesource.com/c/go/+/659956 Reviewed-by: Keith Randall <khr@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Keith Randall <khr@google.com> Reviewed-by: Felix Geisendörfer <felix.geisendoerfer@datadoghq.com> (cherry picked from commit df9888ea4e97feb755e452609be5078686370995) Reviewed-on: https://go-review.googlesource.com/c/go/+/682356 2025-07-10T17:03:11Z Michael Pratt mpratt@google.com 2025-06-27T21:21:20Z urn:sha1:b454859a8a1c8ae10635825beda4cf516d949e48 findRunnable takes a snapshot of allp prior to dropping the P because afterwards procresize may mutate allp without synchronization. procresize is careful to never mutate the contents up to cap(allp), so findRunnable can still safely access the Ps in the slice. Unfortunately, growing allp is problematic. If procresize grows the allp backing array, it drops the reference to the old array. allpSnapshot still refers to the old array, but allpSnapshot is on the system stack in findRunnable, which also likely no longer has a P at all. This means that a future GC will not find the reference and can free the array and use it for another allocation. This would corrupt later reads that findRunnable does from the array. The fix is simple: the M struct itself is reachable by the GC, so we can stash the snapshot in the M to ensure it is visible to the GC. The ugliest part of the CL is the cleanup when we are done with the snapshot because there are so many return/goto top sites. I am tempted to put mp.clearAllpSnapshot() in the caller and at top to make this less error prone, at the expensive of extra unnecessary writes. For #74414. For #74416. Change-Id: I6a6a636c484e4f4b34794fd07910b3fffeca830b Reviewed-on: https://go-review.googlesource.com/c/go/+/684460 Reviewed-by: Cherry Mui <cherryyz@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Michael Pratt <mpratt@google.com> (cherry picked from commit 740857f529ce4074c7f9aa1d6f38db8c4a00246c) Reviewed-on: https://go-review.googlesource.com/c/go/+/685056 2025-07-08T17:00:27Z Gopher Robot gobot@golang.org 2025-07-08T16:35:58Z urn:sha1:9d828e80fa1f3cc52de60428cae446b35b576de8 Change-Id: I0d1554956b9fb4453fc6cce977d67c56476e3624 Reviewed-on: https://go-review.googlesource.com/c/go/+/686455 Reviewed-by: Carlos Amedee <carlos@golang.org> Auto-Submit: Gopher Robot <gobot@golang.org> Reviewed-by: David Chase <drchase@google.com> TryBot-Bypass: Gopher Robot <gobot@golang.org> 2025-07-08T16:29:29Z Roland Shoemaker bracewell@google.com 2025-06-09T18:23:46Z urn:sha1:825eeee3f789a11231ce23a4836c74ec5e34bf2a Removes the somewhat redundant vcs.FromDir, "allowNesting" argument, which was always enabled, and disallow multiple VCS metadata folders being present in a single directory. This makes VCS injection attacks much more difficult. Also adds a GODEBUG, allowmultiplevcs, which re-enables this behavior. Thanks to RyotaK (https://ryotak.net) of GMO Flatt Security Inc for reporting this issue. Updates #74380 Fixes #74381 Fixes CVE-2025-4674 Change-Id: I6c7925b034d60b80d7698cca677b00bdcc67f24e Reviewed-on: https://go-review.googlesource.com/c/go/+/686395 Reviewed-by: David Chase <drchase@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Carlos Amedee <carlos@golang.org> Commit-Queue: Carlos Amedee <carlos@golang.org> 2025-06-27T17:20:50Z Cherry Mui cherryyz@google.com 2025-06-26T19:46:31Z urn:sha1:dbf30d88f3b8c8129fb0978dda7452cc931b75d6 Currently, if there is a BSS reference and a DATA symbol definition with the same name, we pick the DATA symbol, as it contains the right content. In this case, if the BSS reference has a larger size, we error out, because it is not safe to access a smaller symbol as if it has a larger size. Sometimes code declares a global variable in Go and defines it in assembly with content. They are expected to be of the same size. However, in ASAN mode, we insert a red zone for the variable on the Go side, making it have a larger size, whereas the assembly symbol is unchanged. This causes the Go reference (BSS) has a larger size than the assembly definition (DATA). It results in an error currently. This code is valid and safe, so we should permit that. We support this case by increasing the symbol size to match the larger size (of the BSS side). The symbol content (from the DATA side) is kept. In some sense, we merge the two symbols. When loading symbols, it is not easy to change its size (as the object file may be mapped read-only), so we add it to a fixup list, and fix it up later after all Go symbols are loaded. This is a very rare case, so the list should not be long. We could limit this to just ASAN mode. But it seems okay to allow this in general. As long as the symbol has the larger size, it is safe to access it with the larger size. Updates #74314. Fixes #74403. Change-Id: I3ee6e46161d8f59500e2b81befea11e563355a57 Reviewed-on: https://go-review.googlesource.com/c/go/+/684236 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: David Chase <drchase@google.com> (cherry picked from commit 0f8ab2db177baee7b04182f5641693df3b212aa9) Reviewed-on: https://go-review.googlesource.com/c/go/+/684455 Auto-Submit: Dmitri Shuralyov <dmitshur@google.com>