cmd/compile: unsafe.{SliceData,StringData} possible memory corruption in escape analysis #57823

Closed
cuonglm opened this issue Jan 16, 2023 · 4 comments
Labels
compiler/runtime Issues related to the Go compiler and/or runtime. FrozenDueToAge NeedsFix The path to resolution is known, but the work has not been done. release-blocker

@cuonglm

cuonglm commented Jan 16, 2023

What version of Go are you using (go version)?

$ go version
go version devel go1.20-1c65b69bd1 Mon Jan 16 08:37:36 2023 +0000 linux/amd64

Does this issue reproduce with the latest release?

No

What operating system and processor architecture are you using (go env)?

go env Output
$ go env

What did you do?

https://go.dev/play/p/tieGuZcQDo9?v=gotip

What did you expect to see?

Program runs successfully.

What did you see instead?

fatal error: runtime.SetFinalizer: pointer not in allocated block

goroutine 1 [running]:
runtime.throw({0x46e779?, 0x400000?})
	/usr/local/go-faketime/src/runtime/panic.go:1047 +0x5d fp=0xc000040660 sp=0xc000040630 pc=0x42dc5d
runtime.SetFinalizer({0x45f8a0, 0xc00004075f}, {0x460360, 0xc000096000})
	/usr/local/go-faketime/src/runtime/mfinal.go:412 +0x69c fp=0xc000040738 sp=0xc000040660 pc=0x412a7c
main.main()
	/tmp/sandbox1089541107/prog.go:16 +0x8c fp=0xc000040780 sp=0xc000040738 pc=0x45b10c
runtime.main()
	/usr/local/go-faketime/src/runtime/proc.go:250 +0x1f8 fp=0xc0000407e0 sp=0xc000040780 pc=0x4304d8
runtime.goexit()
	/usr/local/go-faketime/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc0000407e8 sp=0xc0000407e0 pc=0x4581c1

goroutine 2 [force gc (idle)]:
runtime.gopark(0x0?, 0x0?, 0x0?, 0x0?, 0x0?)
	/usr/local/go-faketime/src/runtime/proc.go:381 +0xd6 fp=0xc000040fb0 sp=0xc000040f90 pc=0x430916
runtime.goparkunlock(...)
	/usr/local/go-faketime/src/runtime/proc.go:387
runtime.forcegchelper()
	/usr/local/go-faketime/src/runtime/proc.go:305 +0xa5 fp=0xc000040fe0 sp=0xc000040fb0 pc=0x430745
runtime.goexit()
	/usr/local/go-faketime/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc000040fe8 sp=0xc000040fe0 pc=0x4581c1
created by runtime.init.6
	/usr/local/go-faketime/src/runtime/proc.go:293 +0x25

goroutine 3 [GC sweep wait]:
runtime.gopark(0x0?, 0x0?, 0x0?, 0x0?, 0x0?)
	/usr/local/go-faketime/src/runtime/proc.go:381 +0xd6 fp=0xc000041780 sp=0xc000041760 pc=0x430916
runtime.goparkunlock(...)
	/usr/local/go-faketime/src/runtime/proc.go:387
runtime.bgsweep(0x0?)
	/usr/local/go-faketime/src/runtime/mgcsweep.go:278 +0x8e fp=0xc0000417c8 sp=0xc000041780 pc=0x41dbce
runtime.gcenable.func1()
	/usr/local/go-faketime/src/runtime/mgc.go:178 +0x26 fp=0xc0000417e0 sp=0xc0000417c8 pc=0x413026
runtime.goexit()
	/usr/local/go-faketime/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc0000417e8 sp=0xc0000417e0 pc=0x4581c1
created by runtime.gcenable
	/usr/local/go-faketime/src/runtime/mgc.go:178 +0x6b

goroutine 4 [GC scavenge wait]:
runtime.gopark(0xc00005e000?, 0x47f618?, 0x1?, 0x0?, 0x0?)
	/usr/local/go-faketime/src/runtime/proc.go:381 +0xd6 fp=0xc000041f70 sp=0xc000041f50 pc=0x430916
runtime.goparkunlock(...)
	/usr/local/go-faketime/src/runtime/proc.go:387
runtime.(*scavengerState).park(0x4c97e0)
	/usr/local/go-faketime/src/runtime/mgcscavenge.go:400 +0x53 fp=0xc000041fa0 sp=0xc000041f70 pc=0x41bb53
runtime.bgscavenge(0x0?)
	/usr/local/go-faketime/src/runtime/mgcscavenge.go:628 +0x45 fp=0xc000041fc8 sp=0xc000041fa0 pc=0x41c0e5
runtime.gcenable.func2()
	/usr/local/go-faketime/src/runtime/mgc.go:179 +0x26 fp=0xc000041fe0 sp=0xc000041fc8 pc=0x412fc6
runtime.goexit()
	/usr/local/go-faketime/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc000041fe8 sp=0xc000041fe0 pc=0x4581c1
created by runtime.gcenable
	/usr/local/go-faketime/src/runtime/mgc.go:179 +0xaa
@gopherbot gopherbot added the compiler/runtime Issues related to the Go compiler and/or runtime. label Jan 16, 2023
@cuonglm cuonglm self-assigned this Jan 16, 2023
@cuonglm cuonglm added the NeedsFix The path to resolution is known, but the work has not been done. label Jan 16, 2023
@cuonglm cuonglm changed the title cmd/compile: unsafe.{SliceData,StringData} possible memory corruption in escape analysis cmd/compile: unsafe.SliceData possible memory corruption in escape analysis Jan 16, 2023
@gopherbot

Change https://go.dev/cl/461759 mentions this issue: cmd/compile: fix unsafe.SliceData escape analysis memory corruption

@cuonglm

cuonglm commented Jan 16, 2023

Seems we need this in 1.20 release? cc @mdempsky @randall77

@bcmills bcmills added this to the Go1.20 milestone Jan 17, 2023
@randall77

Here's a string version reproducer:

package main

import (
	"runtime"
	"unsafe"
)

//go:noinline
func f(x, y string) {
	s := x + y // put in temporary on stack
	p := unsafe.StringData(s)
	runtime.SetFinalizer(p, func(*byte) {})
}

func main() {
	f("foo", "bar")
}

@cuonglm cuonglm changed the title cmd/compile: unsafe.SliceData possible memory corruption in escape analysis cmd/compile: unsafe.{SliceData,StringData} possible memory corruption in escape analysis Jan 17, 2023
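
An added example, not part of the issue thread, the linked playground program, or the Go project's own tests: a check that the backing array behind `unsafe.StringData` and `unsafe.SliceData` is a heap object the garbage collector tracks, staying valid while the pointer is in use and being freed afterwards. The helper names `collected` and `watch` are hypothetical and the input strings are constructed; on an affected toolchain the program stops with the fatal error shown above instead of returning.

```go
package main

import (
	"fmt"
	"runtime"
	"time"
	"unsafe"
)

// collected forces up to rounds GC cycles and reports whether the finalizer ran.
func collected(done <-chan struct{}, rounds int) bool {
	for i := 0; i < rounds; i++ {
		runtime.GC()
		select {
		case <-done:
			return true
		case <-time.After(10 * time.Millisecond): // let the finalizer goroutine run
		}
	}
	return false
}

// watch (hypothetical helper): was *p valid while in use, and freed once p was dead?
//go:noinline
func watch(p *byte, want byte) (aliveWhileUsed, freedAfter bool) {
	done := make(chan struct{})
	runtime.SetFinalizer(p, func(*byte) { close(done) }) // affected toolchains throw here
	early := collected(done, 3)
	got := *p // last use of p
	return !early && got == want, collected(done, 20)
}

//go:noinline
func checkString(x, y string) (bool, bool) {
	s := x + y // 19 bytes here: fits the 32-byte stack concat buffer, above tiny-alloc size
	return watch(unsafe.StringData(s), x[0])
}

//go:noinline
func checkSlice() (bool, bool) {
	s := make([]byte, 64) // constant size: a candidate for stack allocation
	s[0] = 1
	return watch(unsafe.SliceData(s), 1)
}

func main() {
	fmt.Println(checkString("escape-analysis-", "bug")) // constructed input
	fmt.Println(checkSlice())
}
```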
@gopherbot

Change https://go.dev/cl/461760 mentions this issue: [release-branch.go1.20] cmd/compile: fix unsafe.{SliceData,StringData} escape analysis memory corruption

gopherbot pushed a commit that referenced this issue Jan 18, 2023
…} escape analysis memory corruption

Updates #57823
Updates #57854

Change-Id: I54654d3ecb20b75afa9052c5c9db2072a86188d4
Reviewed-on: https://go-review.googlesource.com/c/go/+/461759
Reviewed-by: Cherry Mui <cherryyz@google.com>
Auto-Submit: Cuong Manh Le <cuong.manhle.vn@gmail.com>
Reviewed-by: Keith Randall <khr@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Cuong Manh Le <cuong.manhle.vn@gmail.com>
Reviewed-by: Keith Randall <khr@google.com>
Reviewed-by: Matthew Dempsky <mdempsky@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/461760
@golang golang locked and limited conversation to collaborators Jan 18, 2024