cmd/cgo: recognize that unsafe.StringData only points to a string #59954

ianlancetaylor · 2023-05-03T20:56:24Z

After https://go.dev/cl/483815 this program fails when run with GOEXPERIMENT=boringcrypto:

package main

import (
	"crypto/sha1"
	"fmt"
	"io"
	"unsafe"
)

func hash(a, b string) []byte {
	h := sha1.New()
	h.(io.StringWriter).WriteString(a+b)
	return h.Sum(nil)
}

type S struct {
	buf [5]byte
	z   int
	p   *int
}

var x = S{p: new(int)}

func main() {
	x.buf[0] = 'a'
	s := unsafe.String(&x.buf[0], 1)
	fmt.Printf("%x\n", hash(s, ""))
}

Running this program normally works fine. With GOEXPERIMENT=boringcrypto it fails with

panic: runtime error: cgo argument has Go pointer to Go pointer

goroutine 1 [running]:
crypto/internal/boring.(*sha1Hash).WriteString.func1(0xc00009e000, {0x6fbcf0, 0x1})
	/home/iant/go/src/crypto/internal/boring/sha.go:149 +0x30
crypto/internal/boring.(*sha1Hash).WriteString(0xc0000061a0?, {0x6fbcf0?, 0x1})
	/home/iant/go/src/crypto/internal/boring/sha.go:149 +0x25
main.hash({0x6fbcf0, 0x1}, {0x0, 0x0})
	/home/iant/foo.go:12 +0x85
main.main()
	/home/iant/foo.go:27 +0x3d
exit status 2

The problem is that the boringcrypto code looks like this:

func (h *sha1Hash) WriteString(s string) (int, error) {
	if len(s) > 0 && C._goboringcrypto_SHA1_Update(h.noescapeCtx(), unsafe.Pointer(unsafe.StringData(s)), C.size_t(len(s))) == 0 {
		panic("boringcrypto: SHA1_Update failed")
	}
	return len(s), nil
}

The cgo command does not recognize that passing unsafe.Pointer(unsafe.StringData(s)) should only check the contents of the string. Since it doesn't recognize that, it winds up checking the entire contents of the struct that contains the string, leading to report an incorrect error.

While this test case is rather artificial, a more realistic test case can be constructed using arenas, in which the arena itself plays the part of the struct that may have associated pointers.

The text was updated successfully, but these errors were encountered:

gopherbot · 2023-05-03T21:00:17Z

Change https://go.dev/cl/492355 mentions this issue: Revert "crypto/sha512: add WriteString and WriteByte method"

gopherbot · 2023-05-03T21:03:45Z

Change https://go.dev/cl/492375 mentions this issue: Revert "crypto/sha1: add WriteString and WriteByte method"

gopherbot · 2023-05-03T21:08:42Z

Change https://go.dev/cl/492356 mentions this issue: Revert "crypto/sha256: add WriteString and WriteByte method"

This reverts CL 483816 Reason for revert: can cause cgo errors when using boringcrypto. See #59954. For #38776 For #59954 Change-Id: I23a2a1f0aed2a08b73855b5038ccb24a4d0a02c0 Reviewed-on: https://go-review.googlesource.com/c/go/+/492355 Run-TryBot: Ian Lance Taylor <iant@google.com> Run-TryBot: Ian Lance Taylor <iant@golang.org> Reviewed-by: Ian Lance Taylor <iant@google.com> Auto-Submit: Ian Lance Taylor <iant@google.com> Reviewed-by: Bryan Mills <bcmills@google.com> TryBot-Result: Gopher Robot <gobot@golang.org>

This reverts CL 481478 Reason for revert: can cause cgo errors when using boringcrypto. See #59954. For #38776 For #59954 Change-Id: Ic520f9fede152d22ab69996ad84c44f3e0d783bc Reviewed-on: https://go-review.googlesource.com/c/go/+/492356 Reviewed-by: Ian Lance Taylor <iant@google.com> Run-TryBot: Ian Lance Taylor <iant@google.com> Reviewed-by: Bryan Mills <bcmills@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Run-TryBot: Ian Lance Taylor <iant@golang.org> Auto-Submit: Ian Lance Taylor <iant@google.com>

This reverts CL 483815 Reason for revert: can cause cgo errors when using boringcrypto. See #59954. For #38776 For #59954 Change-Id: I1f7e0fb06b627971811623927e3d98c0fdbc730b Reviewed-on: https://go-review.googlesource.com/c/go/+/492375 Auto-Submit: Ian Lance Taylor <iant@google.com> Reviewed-by: Bryan Mills <bcmills@google.com> Run-TryBot: Ian Lance Taylor <iant@golang.org> Reviewed-by: Ian Lance Taylor <iant@google.com> TryBot-Bypass: Ian Lance Taylor <iant@google.com>

gopherbot · 2023-05-08T19:54:03Z

Change https://go.dev/cl/493556 mentions this issue: cmd/cgo: recognize unsafe.{StringData,SliceData}

gopherbot added the compiler/runtime Issues related to the Go compiler and/or runtime. label May 3, 2023

cagedmantis added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label May 3, 2023

mknyszek assigned ianlancetaylor May 10, 2023

mknyszek modified the milestones: Backlog, Go1.21 May 10, 2023

gopherbot closed this as completed in c7aa48e May 22, 2023

dmitshur added NeedsFix The path to resolution is known, but the work has not been done. and removed NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. labels May 22, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

cmd/cgo: recognize that unsafe.StringData only points to a string #59954

cmd/cgo: recognize that unsafe.StringData only points to a string #59954

ianlancetaylor commented May 3, 2023

gopherbot commented May 3, 2023

gopherbot commented May 3, 2023

gopherbot commented May 3, 2023

gopherbot commented May 8, 2023

cmd/cgo: recognize that unsafe.StringData only points to a string #59954

cmd/cgo: recognize that unsafe.StringData only points to a string #59954

Comments

ianlancetaylor commented May 3, 2023

gopherbot commented May 3, 2023

gopherbot commented May 3, 2023

gopherbot commented May 3, 2023

gopherbot commented May 8, 2023