runtime, cmd/compile: possible bad pointers with map[struct{}]struct{} #21508
Comments
|
Maybe it'd suffice to set maptype.valuesize to 1 for such maps. |
|
special map fast routines sounds good. Since this should be very rare they will not usually end up in the binary and they dont complicate existing code. I was also looking into making other special zero sized elem methods for other make methods since they are rare and we can slim down the common code paths:
So specializing map functions sounds good. |
|
So I totally forgot that we pushed the overflow pointer to the end of the bucket exactly to solve this sort of problem, and the one in #21459 . So even if key/value pointers are incremented a final time, or keys or values are zero-sized, we still can't get a beyond-the-object pointer. |
|
Oh right. Yay! For future reference, the original bug was #9384 and fix was CL 1869. |
Many places in the hashmap implementation, we calculate key/val pointers that might point at the end of the bucket if both key and value have zero size.
Given how rare this is, I'd hate to complicate the map routines with checks everywhere. One possible fix is to have special mapfast routines just for maps with zero-sized keys and values, which would then generally be dead-code eliminated.
Other ideas?
@randall77
The text was updated successfully, but these errors were encountered: