1
0
mirror of https://github.com/golang/go synced 2024-11-08 19:36:22 -07:00
Commit Graph

39 Commits

Author SHA1 Message Date
Russ Cox
1dcb5836ad cmd/go: accept only limited compiler and linker flags in #cgo directives
Both gcc and clang accept an option -fplugin=code.so to load
a plugin from the ELF shared object file code.so.
Obviously that plugin can then do anything it wants
during the build. This is contrary to the goal of "go get"
never running untrusted code during the build.
(What happens if you choose to run the result of
the build is your responsibility.)

Disallow this behavior by only allowing a small set of
known command-line flags in #cgo CFLAGS directives
(and #cgo LDFLAGS, etc).

The new restrictions can be adjusted by the environment
variables CGO_CFLAGS_ALLOW, CGO_CFLAGS_DISALLOW,
and so on. See the documentation.

In addition to excluding cgo-defined flags, we also have to
make sure that when we pass file names on the command
line, they don't look like flags. So we now refuse to build
packages containing suspicious file names like -x.go.

A wrinkle in all this is that GNU binutils uniformly accept
@foo on the command line to mean "if the file foo exists,
then substitute its contents for @foo in the command line".
So we must also reject @x.go, flags and flag arguments
beginning with @, and so on.

Fixes #23672, CVE-2018-6574.

Change-Id: I59e7c1355155c335a5c5ae0d2cf8fa7aa313940a
Reviewed-on: https://team-review.git.corp.google.com/209949
Reviewed-by: Ian Lance Taylor <iant@google.com>
2018-02-07 15:35:57 +00:00
Ian Lance Taylor
4b3a3bd3aa runtime: don't issue cgocheck error for timer bucket source pointer
The cgo checker was issuing an error with cgocheck=2 when a timer
bucket was stored in a pollDesc. The pollDesc values are allocated
using persistentalloc, so they are not in the Go heap. The code is OK
since timer bucket pointers point into a global array, and as such are
never garbage collected or moved.

Mark timersBucket notinheap to avoid the problem. timersBucket values
only occur in the global timers array.

Fixes #23435

Change-Id: I835f31caafd54cdacc692db5989de63bb49e7697
Reviewed-on: https://go-review.googlesource.com/87637
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Austin Clements <austin@google.com>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2018-01-15 22:18:55 +00:00
griesemer
ca2a886cba cmd/compile: record original and absolute file names for line directives
Also, with this change, error locations don't print absolute positions
in [] brackets following positions relative to line directives. To get
the absolute positions as well, specify the -L flag.

Fixes #22660.

Change-Id: I9ecfa254f053defba9c802222874155fa12fee2c
Reviewed-on: https://go-review.googlesource.com/77090
Reviewed-by: David Crawshaw <crawshaw@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>
2017-11-13 16:47:41 +00:00
Ian Lance Taylor
2a2e4dad33 misc/cgo/errors: don't pass -C to compiler
It's not needed, and the current expectation is that it will go away
in the future.

Change-Id: I5f46800e748d9ffa484bda6d1738290c8e00ac2b
Reviewed-on: https://go-review.googlesource.com/63751
Run-TryBot: Ian Lance Taylor <iant@golang.org>
Reviewed-by: Bryan Mills <bcmills@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
2017-09-14 04:02:01 +00:00
Bryan C. Mills
107744e94c misc/cgo/errors: test that the Go rune type is not identical to C.int
rune has a well-defined size, but C.int is implementation-specified.
Using one as the other should require an explicit conversion.

updates #13467

Change-Id: I53ab2478427dca790efdcc197f6b8d9fbfbd1847
Reviewed-on: https://go-review.googlesource.com/63730
Reviewed-by: Ian Lance Taylor <iant@golang.org>
2017-09-14 02:24:39 +00:00
Bryan C. Mills
814d92230a misc/cgo/errors: fix erroneous regexp detection
I had passed 1 instead of 2 to the SplitAfterN call in
errorstest.check, so all of the cases were erroneously falling through
to the non-regexp case (and passing even if the actual error didn't
match).

Now, we use bytes.HasSuffix to check for the non-regexp case, so we
will not incorrectly match a regexp comment to the non-regexp case.

updates #13467

Change-Id: Ia6be928a495425f2b7bae5001bd01346e115dcfa
Reviewed-on: https://go-review.googlesource.com/63692
Reviewed-by: Ian Lance Taylor <iant@golang.org>
2017-09-14 02:24:04 +00:00
Bryan C. Mills
d02477e994 misc/cgo/errors: port test.bash to Go
This makes the test easier to run in isolation and easier to change,
and simplifies the code to run the tests in parallel.

updates #13467

Change-Id: I5622b5cc98276970347da18e95d071dbca3c5cc1
Reviewed-on: https://go-review.googlesource.com/63276
Run-TryBot: Bryan Mills <bcmills@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
2017-09-13 17:45:52 +00:00
Hiroshi Ioka
b88e532a9e cmd/cgo: use first error position instead of last one
Just like https://golang.org/cl/34783

Given cgo.go:
     1	package main
     2
     3	/*
     4	long double x = 0;
     5	*/
     6	import "C"
     7
     8	func main() {
     9		_ = C.x
    10		_ = C.x
    11	}

Before:
    ./cgo.go:10:6: unexpected: 16-byte float type - long double

After:
    ./cgo.go:9:6: unexpected: 16-byte float type - long double

The above test case is not portable. So it is tested on only amd64.

Change-Id: If0b84cf73d381a22e2ada71c8e9a6e6ec77ffd2e
Reviewed-on: https://go-review.googlesource.com/54950
Reviewed-by: Ian Lance Taylor <iant@golang.org>
2017-08-14 05:29:11 +00:00
Ian Lance Taylor
4fa2674aa7 misc/cgo/errors: update ptr.go comment
Accidentally omitted from submit of CL 53352.

Updates #21306

Change-Id: I022d89c6417fe9371856d49b646eb6294b91657c
Reviewed-on: https://go-review.googlesource.com/53415
Reviewed-by: Austin Clements <austin@google.com>
Reviewed-by: Avelino <t@avelino.xxx>
2017-08-08 04:31:40 +00:00
Ian Lance Taylor
f096b5b340 runtime: mark activeModules nosplit/nowritebarrier
The activeModules function is called by the cgo pointer checking code,
which is called by the write barrier (when GODEBUG=cgocheck=2), and as
such must be nosplit/nowritebarrier.

Fixes #21306

Change-Id: I57f2124f14de7f3872b2de9532abab15df95d45a
Reviewed-on: https://go-review.googlesource.com/53352
Reviewed-by: Austin Clements <austin@google.com>
2017-08-05 18:05:41 +00:00
Alberto Donizetti
e5d2104582 cmd/cgo: show pos info in undefined name errors
For test.go:

	package main

	import (
	   "C"
	   "fmt"
	)

	func main() {
		 fmt.Println("Hello, world!")
		 C.no_such_f()
	}

Before:

	could not determine kind of name for C.no_such_f

After:

	./test.go:10:2: could not determine kind of name for C.no_such_f

Fixes #18452

Change-Id: I49c136b7fa60fab25d2d5b905d440fe4d106e565
Reviewed-on: https://go-review.googlesource.com/34783
Run-TryBot: Alberto Donizetti <alb.donizetti@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
2017-06-03 16:08:49 +00:00
Alexander Menzhinsky
2463a49ebb cmd/cgo: reject references to builtin functions other than calls
Here we restrict using cgo builtin references because internally they're go functions
as opposed to C usafe.Pointer values.

Fixes #18889

Change-Id: I1e4332e4884063ccbaf9772c172d4462ec8f3d13
Reviewed-on: https://go-review.googlesource.com/40934
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
2017-04-18 22:14:43 +00:00
Robert Griesemer
2a5cf48f91 cmd/compile: print columns (not just lines) in error messages
Compiler errors now show the exact line and line byte offset (sometimes
called "column") of where an error occured. For `go tool compile x.go`:

	package p
	const c int = false
	//line foo.go:123
	type t intg

reports

	x.go:2:7: cannot convert false to type int
	foo.go:123[x.go:4:8]: undefined: intg

(Some errors use the "wrong" position for the error message; arguably
the byte offset for the first error should be 15, the position of 'false',
rathen than 7, the position of 'c'. But that is an indepedent issue.)

The byte offset (column) values are measured in bytes; they start at 1,
matching the convention used by editors and IDEs.

Positions modified by //line directives show the line offset only for the
actual source location (in square brackets), not for the "virtual" file and
line number because that code is likely generated and the //line directive
only provides line information.

Because the new format might break existing tools or scripts, printing
of line offsets can be disabled with the new compiler flag -C. We plan
to remove this flag eventually.

Fixes #10324.

Change-Id: I493f5ee6e78457cf7b00025aba6b6e28e50bb740
Reviewed-on: https://go-review.googlesource.com/37970
Reviewed-by: Matthew Dempsky <mdempsky@google.com>
2017-03-09 23:29:49 +00:00
Ian Lance Taylor
27b68474ca cmd/cgo: run cgo pointer checks for pointer to union
If a C union type (or a C++ class type) can contain a pointer field,
then run the cgo checks on pointers to that type. This will test the
pointer as though it were an unsafe.Pointer, and will crash if it points
to Go memory that contains a pointer.

Fixes #15942.

Change-Id: Ic2d07ed9648d4b27078ae7683e26196bcbc59fc9
Reviewed-on: https://go-review.googlesource.com/33237
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2016-11-15 17:10:52 +00:00
Ian Lance Taylor
e24ccfc6fc misc/cgo/errors: fix malloc test for dragonfly
The Dragonfly libc returns a non-zero value for malloc(-1).

Fixes #17585.

Change-Id: Icfe68011ccbc75c676273ee3c3efdf24a520a004
Reviewed-on: https://go-review.googlesource.com/32050
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2016-10-25 20:11:50 +00:00
Ian Lance Taylor
b4ce38ec57 cmd/cgo: throw if C.malloc returns nil
Change-Id: If7740ac7b6c4190db5a1ab4100d12cf16dc79c84
Reviewed-on: https://go-review.googlesource.com/31768
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>
2016-10-25 02:38:49 +00:00
Ian Lance Taylor
a16954b8a7 cmd/cgo: always use a function literal for pointer checking
The pointer checking code needs to know the exact type of the parameter
expected by the C function, so that it can use a type assertion to
convert the empty interface returned by cgoCheckPointer to the correct
type. Previously this was done by using a type conversion, but that
meant that the code accepted arguments that were convertible to the
parameter type, rather than arguments that were assignable as in a
normal function call. In other words, some code that should not have
passed type checking was accepted.

This CL changes cgo to always use a function literal for pointer
checking. Now the argument is passed to the function literal, which has
the correct argument type, so type checking is performed just as for a
function call as it should be.

Since we now always use a function literal, simplify the checking code
to run as a statement by itself. It now no longer needs to return a
value, and we no longer need a type assertion.

This does have the cost of introducing another function call into any
call to a C function that requires pointer checking, but the cost of the
additional call should be minimal compared to the cost of pointer
checking.

Fixes #16591.

Change-Id: I220165564cf69db9fd5f746532d7f977a5b2c989
Reviewed-on: https://go-review.googlesource.com/31233
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Matthew Dempsky <mdempsky@google.com>
2016-10-19 21:20:50 +00:00
qeed
d282427248 cmd/cgo: error, not panic, if not enough arguments to function
Fixes #16116.

Change-Id: Ic3cb0b95382bb683368743bda49b4eb5fdcc35c0
Reviewed-on: https://go-review.googlesource.com/24286
Reviewed-by: Emmanuel Odeke <emm.odeke@gmail.com>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
2016-06-21 04:32:04 +00:00
Ian Lance Taylor
837984f372 cmd/cgo: use function arg type for _cgoCheckPointerN function
When cgo writes a _cgoCheckPointerN function to handle unsafe.Pointer,
use the function's argument type rather than interface{}. This permits
type errors to be detected at build time rather than run time.

Fixes #13830.

Change-Id: Ic7090905e16b977e2379670e0f83640dc192b565
Reviewed-on: https://go-review.googlesource.com/23675
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Austin Clements <austin@google.com>
2016-06-09 16:02:03 +00:00
Ian Lance Taylor
7b48020cfe cmd/cgo: check pointers for deferred C calls at the right time
We used to check time at the point of the defer statement. This change
fixes cgo to check them when the deferred function is executed.

Fixes #15921.

Change-Id: I72a10e26373cad6ad092773e9ebec4add29b9561
Reviewed-on: https://go-review.googlesource.com/23650
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Austin Clements <austin@google.com>
2016-06-03 20:51:39 +00:00
Ian Lance Taylor
b5d18b50ac cmd/cgo: remove -O options when generating compiler errors
The cgo tool generates compiler errors to find out what kind of name it
is using.  Turning on optimization can confuse that process by producing
new unexpected messages.

Fixes #14669.

Change-Id: Idc8e35fd259711ecc9638566b691c11d17140325
Reviewed-on: https://go-review.googlesource.com/23231
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>
2016-05-27 01:40:30 +00:00
Ian Lance Taylor
538537a28d runtime: check only up to ptrdata bytes for pointers
Fixes #14508.

Change-Id: I237d0c5a79a73e6c97bdb2077d8ede613128b978
Reviewed-on: https://go-review.googlesource.com/23224
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Austin Clements <austin@google.com>
2016-05-18 23:39:06 +00:00
Emmanuel Odeke
53fd522c0d all: make copyright headers consistent with one space after period
Follows suit with https://go-review.googlesource.com/#/c/20111.

Generated by running
$ grep -R 'Go Authors.  All' * | cut -d":" -f1 | while read F;do perl -pi -e 's/Go
Authors.  All/Go Authors. All/g' $F;done

The code in cmd/internal/unvendor wasn't changed.

Fixes #15213

Change-Id: I4f235cee0a62ec435f9e8540a1ec08ae03b1a75f
Reviewed-on: https://go-review.googlesource.com/21819
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
2016-05-02 13:43:18 +00:00
Ian Lance Taylor
71cc445cf9 cmd/cgo: recognize known C typedefs as types
Fixes #14483.

Change-Id: I0cddfe27fd8d00ba85659d0b618410e39ebf45cb
Reviewed-on: https://go-review.googlesource.com/19860
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2016-02-27 22:51:51 +00:00
Ian Lance Taylor
e97096661e runtime: handle kindString in cgoCheckArg
It's awkward to get a string value in cgoCheckArg, but SWIG testing
revealed that it is possible.  The new handling of extra files in the
ptr.go test emulates what SWIG does with an exported function that
returns a string.

Change-Id: I453717f867b8a49499576c28550e7c93053a0cf8
Reviewed-on: https://go-review.googlesource.com/19020
Run-TryBot: Ian Lance Taylor <iant@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>
2016-01-27 22:50:37 +00:00
Ian Lance Taylor
d91ec5bb40 cmd/cgo, runtime: recognize unsafe.Pointer(&s[0]) in cgo pointer checks
It's fairly common to call cgo functions with conversions to
unsafe.Pointer or other C types.  Apply the simpler checking of address
expressions when possible when the address expression occurs within a
type conversion.

Change-Id: I5187d4eb4d27a6542621c396cad9ee4b8647d1cd
Reviewed-on: https://go-review.googlesource.com/18391
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>
2016-01-08 03:56:30 +00:00
Shenghou Ma
a766d8e59c cmd/cgo: map C unsigned char back to _Ctype_uchar in error messages
Fixes #13635.

Change-Id: Icab4a45567f435f002a8f6c85db9538acf054a70
Reviewed-on: https://go-review.googlesource.com/17863
Run-TryBot: Minux Ma <minux@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
2015-12-16 22:13:17 +00:00
Ian Lance Taylor
5a049aa4a6 cmd/cgo: error, not panic, if not enough arguments to function
Fixes #13423.

Change-Id: I41bb45790cca36c57a107796f0eca61287acb2a9
Reviewed-on: https://go-review.googlesource.com/17332
Run-TryBot: Ian Lance Taylor <iant@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
2015-12-02 21:02:28 +00:00
Matthew Dempsky
de640d369d cmd/cgo: handle another Clang DWARF quirk
Without the fix:

    $ CC=clang-3.5 ./test.bash
    misc/cgo/errors/test.bash: BUG: expected error output to contain "C.ushort" but saw:
    # command-line-arguments
    ./issue13129.go:13: cannot use int(0) (type int) as type C.unsignedshort in assignment

Fixes #13129.

Change-Id: I2c019d2d000f5bfa3e33c477e533aff97031a84f
Reviewed-on: https://go-review.googlesource.com/17207
Run-TryBot: Matthew Dempsky <mdempsky@google.com>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
2015-11-25 21:13:41 +00:00
Ian Lance Taylor
0e2c635788 cmd/cgo, runtime: exported Go functions can't return a Go pointer
Update #12416.

Change-Id: Iccbcb12709d1ca9bea87274f44f93cfcebadb070
Reviewed-on: https://go-review.googlesource.com/17048
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: David Crawshaw <crawshaw@golang.org>
2015-11-19 18:28:39 +00:00
Ian Lance Taylor
be1ef46775 runtime: add optional expensive check for invalid cgo pointer passing
If you set GODEBUG=cgocheck=2 the runtime package will use the write
barrier to detect cases where a Go program writes a Go pointer into
non-Go memory.  In conjunction with the existing cgo checks, and the
not-yet-implemented cgo check for exported functions, this should
reliably detect all cases (that do not import the unsafe package) in
which a Go pointer is incorrectly shared with C code.  This check is
optional because it turns on the write barrier at all times, which is
known to be expensive.

Update #12416.

Change-Id: I549d8b2956daa76eac853928e9280e615d6365f4
Reviewed-on: https://go-review.googlesource.com/16899
Reviewed-by: Russ Cox <rsc@golang.org>
2015-11-16 18:39:06 +00:00
Ian Lance Taylor
9dcc58c3d1 cmd/cgo, runtime: add checks for passing pointers from Go to C
This implements part of the proposal in issue 12416 by adding dynamic
checks for passing pointers from Go to C.  This code is intended to be
on at all times.  It does not try to catch every case.  It does not
implement checks on calling Go functions from C.

The new cgo checks may be disabled using GODEBUG=cgocheck=0.

Update #12416.

Change-Id: I48de130e7e2e83fb99a1e176b2c856be38a4d3c8
Reviewed-on: https://go-review.googlesource.com/16003
Reviewed-by: Russ Cox <rsc@golang.org>
2015-11-10 22:22:10 +00:00
Didier Spezia
9c258c6aa6 cmd/cgo: fix panic on references to non-existing C types
cgo panics in Package.rewriteRef for:

var a = C.enum_test(1)
or
p := new(C.enum_test)

when the corresponding enum type is not defined.

Check nil values for Type fields and issue a proper
error instead.

Fixes #11097
Updates #12160

Change-Id: I5821d29097ef0a36076ec5273125b09846c7d832
Reviewed-on: https://go-review.googlesource.com/15264
Reviewed-by: Ian Lance Taylor <iant@golang.org>
2015-10-05 22:37:07 +00:00
Brad Fitzpatrick
d5f690609f build: convert run.bash, run.bat, and run.rc into a Go program
This will enable test sharding over multiple VMs, to speed trybot answers.

Update #10029

Change-Id: Ie277c6459bc38005e4d6af14d22effeaa0a4667e
Reviewed-on: https://go-review.googlesource.com/6531
Reviewed-by: Russ Cox <rsc@golang.org>
Reviewed-by: Alex Brainman <alex.brainman@gmail.com>
2015-03-03 23:22:11 +00:00
Matthew Dempsky
ba30c082c0 cmd/cgo: check for compiler errors in the C preamble
E.g., here's the new "go build" output:

$ go build misc/cgo/errors/issue8442.go
# command-line-arguments
could not determine kind of name for C.issue8442foo

gcc errors for preamble:
misc/cgo/errors/issue8442.go:11:19: error: unknown type name 'UNDEF'

Fixes #8442.

LGTM=iant
R=iant, alex.brainman
CC=golang-codereviews
https://golang.org/cl/129160043
2014-08-14 09:21:58 -07:00
Matthew Dempsky
11016f62d8 cmd/cgo: make C function pointers non-assignable
Fixes #7757.
Fixes #8488.

LGTM=iant
R=iant
CC=golang-codereviews
https://golang.org/cl/118690044
2014-08-12 12:55:12 -07:00
Daniel Morsing
0f82cfd3f0 cmd/cgo: enforce typing of 0-sized types
cgo represents all 0-sized and unsized types internally as [0]byte. This means that pointers to incomplete types would be interchangable, even if given a name by typedef.

Fixes #7409.

LGTM=iant
R=golang-codereviews, bradfitz, iant
CC=golang-codereviews
https://golang.org/cl/76450043
2014-03-27 20:23:16 +00:00
Russ Cox
dbe2eacf04 cmd/cgo: fix line number in an error message
Fixes #6563.

R=golang-dev, iant
CC=golang-dev
https://golang.org/cl/14870046
2013-10-18 16:52:44 -04:00
Ian Lance Taylor
f68c23e2bb cmd/cgo: don't let #cgo directives mess up line numbering
Fixes #5272.

R=golang-dev, r
CC=golang-dev
https://golang.org/cl/13498046
2013-09-03 21:15:15 -07:00