[release-branch.go1.25] cmd/go: remove user-content from doc strings in cgo ASTs.

Thank you to RyotaK (https://ryotak.net) of GMO Flatt Security Inc. for reporting this issue. Updates #76697 Fixes #77129 Fixes CVE-2025-61732 Change-Id: I9ecbef556f6e545fb152407041cd086c069f22d1 Reviewed-on: https://go-review.googlesource.com/c/go/+/740040 Auto-Submit: Dmitri Shuralyov <dmitshur@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Roland Shoemaker <roland@golang.org>
author: Neal Patel <nealpatel@google.com> 2026-01-06 16:09:19 -0500
committer: Gopher Robot <gobot@golang.org> 2026-01-28 12:31:52 -0800
commit: b19100991ac6d096e67cead47392049c178fd5ab (patch)
tree: 0eb63c231e796d4b78d17ec70110082ba326b2ad
parent: 738bc3a33c115e3ca48793117047390b3fe37392 (diff)
download: go-b19100991ac6d096e67cead47392049c178fd5ab.tar.xz
1 files changed, 3 insertions, 8 deletions
diff --git a/src/cmd/cgo/ast.go b/src/cmd/cgo/ast.go
index 861479db7a..11f5831ccd 100644
--- a/src/cmd/cgo/ast.go
+++ b/src/cmd/cgo/ast.go
@@ -301,17 +301,12 @@ func (f *File) saveExport(x interface{}, context astContext) {
 			error_(c.Pos(), "export comment has wrong name %q, want %q", name, n.Name.Name)
 		}
 
-		doc := ""
-		for _, c1 := range n.Doc.List {
-			if c1 != c {
-				doc += c1.Text + "\n"
-			}
-		}
-
 		f.ExpFunc = append(f.ExpFunc, &ExpFunc{
 			Func:    n,
 			ExpName: name,
-			Doc:     doc,
+			// Caution: Do not set the Doc field on purpose
+			// to ensure that there are no unintended artifacts
+			// in the binary. See https://go.dev/issue/76697.
 		})
 		break
 	}
author	Neal Patel <nealpatel@google.com>	2026-01-06 16:09:19 -0500
committer	Gopher Robot <gobot@golang.org>	2026-01-28 12:31:52 -0800
commit	b19100991ac6d096e67cead47392049c178fd5ab (patch)
tree	0eb63c231e796d4b78d17ec70110082ba326b2ad
parent	738bc3a33c115e3ca48793117047390b3fe37392 (diff)
download	go-b19100991ac6d096e67cead47392049c178fd5ab.tar.xz