When I run it, I get:
Note the faulting address is 0x18. That's the offset of `runtime.itab.fun[0]`. The code is trying to load the function pointer from a nil itab pointer.
There's a subtle bug here - if an interface has lots of methods, that offset is potentially large enough to not fault when loading from the nil itab. We'll then jump to arbitrary code.
It's even potentially a security risk. I'm not too worried, though, as it requires an interface with >~ pagesize/ptrsize = 512 methods to even present that attack surface.
We do the right thing for methods that we `go` or `defer`, see CL 23820. I think we just need to do the nil check for everything. It should be easy to optimize out in the common case.
First reported on golang-nuts: https://groups.google.com/forum/#!topic/golang-nuts/MCBYxlaD-08
@cherrymui
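The offset arithmetic described in the issue above, as an added audit sketch that is not code from the issue or from the Go project: it lists which methods of an interface type have an `itab.fun` slot far enough from the itab pointer that a load through a nil itab would land past the unmapped low region. Assumptions: a 64-bit target with `fun[0]` at 0x18 as quoted in the issue, a caller-supplied guard size (4096 matches the issue's pagesize/ptrsize figure), and that reflect's name-sorted method order matches the `fun` order; `Slot`, `FirstUnguardedIndex`, `UnguardedSlots`, `SampleReport` and the `small` interface are hypothetical names.

```go
package main

import (
	"fmt"
	"reflect"
)

// Assumed layout, taken from the issue text: 64-bit target, itab.fun[0] at 0x18.
const funBase, ptrSize = 0x18, 8

// Slot is one method's function-pointer slot and its offset from the itab pointer.
type Slot struct {
	Method string
	Offset uintptr
}

// FirstUnguardedIndex returns the lowest fun[] index whose load from a nil
// itab lands at or past guard, the assumed size of the unmapped low region.
func FirstUnguardedIndex(guard uintptr) int {
	if guard <= funBase {
		return 0
	}
	return int((guard - funBase + ptrSize - 1) / ptrSize)
}

// UnguardedSlots lists methods of interface type t whose slot offset is >= guard.
// Assumption: reflect's name-sorted method order matches the itab.fun order.
func UnguardedSlots(t reflect.Type, guard uintptr) ([]Slot, error) {
	if t == nil || t.Kind() != reflect.Interface {
		return nil, fmt.Errorf("%v is not an interface type", t)
	}
	var out []Slot
	for i := FirstUnguardedIndex(guard); i < t.NumMethod(); i++ {
		out = append(out, Slot{t.Method(i).Name, funBase + uintptr(i)*ptrSize})
	}
	return out, nil
}

// small is a constructed sample interface; SampleReport audits it against guard.
type small interface{ A(); B(); C(); D() }

func SampleReport(guard uintptr) []Slot {
	s, _ := UnguardedSlots(reflect.TypeOf((*small)(nil)).Elem(), guard)
	return s
}

func main() {
	fmt.Println(FirstUnguardedIndex(4096), SampleReport(0x28))
}
```

With a 4096-byte guard the first slot that escapes it is index 509, consistent with the roughly 512-method threshold given in the issue.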