From b8c4cc63e77bd457dffa6ec83a3ff65382dac94b Mon Sep 17 00:00:00 2001 From: Daniel Morsing Date: Tue, 16 Dec 2025 13:50:57 +0000 Subject: runtime: keep track of secret allocation size During a naive attempt to test the new runtime/secret package, I tried wrapping the entire handshake in a secret.Do call. This lead to a panic because some of the allocator logic had been previously untested. freeSpecial takes p and size, but they can be misleading. They don't refer to the pointer and size of the object with the special attached, but a pointer to the enclosing object and the size of the span element. The previous code did not take this into account and when passing the size to memclr would overwrite nearby objects. Fix by storing the size of the object being cleared inside the special. Fixes #76865. Change-Id: Ifae31f1c8d0609a562a37f37c45aec2f369dc6a5 Reviewed-on: https://go-review.googlesource.com/c/go/+/730361 Reviewed-by: Michael Knyszek LUCI-TryBot-Result: Go LUCI Reviewed-by: David Chase --- src/runtime/malloc.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/runtime/malloc.go') diff --git a/src/runtime/malloc.go b/src/runtime/malloc.go index fd79356aba..c08bc7574b 100644 --- a/src/runtime/malloc.go +++ b/src/runtime/malloc.go @@ -1213,7 +1213,7 @@ func mallocgc(size uintptr, typ *_type, needzero bool) unsafe.Pointer { if goexperiment.RuntimeSecret && gp.secret > 0 { // Mark any object allocated while in secret mode as secret. // This ensures we zero it immediately when freeing it. - addSecret(x) + addSecret(x, size) } // Notify sanitizers, if enabled. -- cgit v1.3