Since the number of files in the EOCD record isn't validated, it isn't
safe to preallocate Reader.Files using that field. A malformed archive
can indicate it contains up to 1 << 128 - 1 files. We can still safely
preallocate the slice by checking if the specified number of files in
the archive is reasonable, given the size of the archive.
Thanks to the OSS-Fuzz project for discovering this issue and to
Emmanuel Odeke for reporting it.
Fixes#46242
Fixes CVE-2021-33196
Change-Id: I3c76d8eec178468b380d87fdb4a3f2cb06f0ee76
Reviewed-on: https://go-review.googlesource.com/c/go/+/318909
Trust: Roland Shoemaker <roland@golang.org>
Trust: Katie Hockman <katie@golang.org>
Trust: Joe Tsai <thebrokentoaster@gmail.com>
Run-TryBot: Roland Shoemaker <roland@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Katie Hockman <katie@golang.org>
Reviewed-by: Joe Tsai <thebrokentoaster@gmail.com>
For the methods LookupCNAME, LookupSRV, LookupMX, LookupNS, and
LookupAddr check that the returned domain names are in fact valid DNS
names using the existing isDomainName function.
Thanks to Philipp Jeitner and Haya Shulman from Fraunhofer SIT for
reporting this issue.
Fixes#46241
Fixes CVE-2021-33195
Change-Id: Icf231acd93178a3b6aec3f178cff7e693f74ef8c
Reviewed-on: https://go-review.googlesource.com/c/go/+/320949
Trust: Roland Shoemaker <roland@golang.org>
Trust: Katie Hockman <katie@golang.org>
Run-TryBot: Roland Shoemaker <roland@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Katie Hockman <katie@golang.org>
The stack pointer may have changed after a call from JavaScript into Go
code because of stack growth. The normal case already updated the
sp variable accordingly, but the catch case did not yet.
Fixes#45433
Change-Id: I3e0a33381929626f6b21902948935eb5ffb26c96
Reviewed-on: https://go-review.googlesource.com/c/go/+/321936
Trust: Richard Musiol <neelance@gmail.com>
Run-TryBot: Richard Musiol <neelance@gmail.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Cherry Mui <cherryyz@google.com>
On architectures which don't support unaligned loads, make sure we
don't generate code that requires them.
Generated hash functions also matter in this respect, but they all look ok.
Update #37716Fixes#46283
Change-Id: I6197fdfe04da4428092c99bd871d93738789e16b
Reviewed-on: https://go-review.googlesource.com/c/go/+/322151
Trust: Keith Randall <khr@golang.org>
Trust: Josh Bleecher Snyder <josharian@gmail.com>
Run-TryBot: Keith Randall <khr@golang.org>
Reviewed-by: Cherry Mui <cherryyz@google.com>
Reviewed-by: Josh Bleecher Snyder <josharian@gmail.com>
Reviewed-by: eric fang <eric.fang@arm.com>
TryBot-Result: Go Bot <gobot@golang.org>
Records if regabi was enabled during compilation in the DW_AT_producer
attribute of each compile unit.
This is useful to debuggers that support the debugCall protocol.
Change-Id: I5ad2c48ebf126aeb8bfb459b53a1a5304550036a
Reviewed-on: https://go-review.googlesource.com/c/go/+/318050
Trust: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Than McIntosh <thanm@google.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
Run-TryBot: Than McIntosh <thanm@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
This is a different fix for #37716.
Should help make the fix for #46283 easier, since we will no longer
need to keep compiler-generated hash functions and the runtime
hash function in sync.
Change-Id: I84cb93144e425dcd03afc552b5fbd0f2d2cc6d39
Reviewed-on: https://go-review.googlesource.com/c/go/+/322150
Trust: Keith Randall <khr@golang.org>
Run-TryBot: Keith Randall <khr@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Cherry Mui <cherryyz@google.com>
The Go ABI, as it stands, requires spill space to be reserved for
register arguments. syscall.NewCallback (because of compileCallback)
does not actually reserve this space, leading to issues if the Go code
it invokes actually makes use of it.
Fixes#46301.
Change-Id: Idbc3578accaaaa29e4ba32291ef08d464da0b7b0
Reviewed-on: https://go-review.googlesource.com/c/go/+/322029
Trust: Michael Knyszek <mknyszek@google.com>
Run-TryBot: Michael Knyszek <mknyszek@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Egon Elbre <egonelbre@gmail.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
This is a revert of https://go-review.googlesource.com/c/go/+/316890,
which has positive effects on debugging + DWARF variable locations
for register parameters when the reg abi is in effect, but also
turns out to interact badly with the register allocator.
Fixes#46304.
Change-Id: I624bd980493411a9cde45d44fcd3c46cad796909
Reviewed-on: https://go-review.googlesource.com/c/go/+/321830
Trust: Than McIntosh <thanm@google.com>
Run-TryBot: Than McIntosh <thanm@google.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Changes include:
* ReadRequest function now returns an error when a request has multiple
Host headers.
For #44513.
Updates #46015.
Change-Id: I48ea7c5cee3f1d1a247035fd37191362a53d1f04
Reviewed-on: https://go-review.googlesource.com/c/go/+/317914
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Trust: Heschi Kreinick <heschi@google.com>
As of CL 318629, 'go mod download' without arguments does not save
checksums for module source code. Without a checksum, 'go list' will
not report the location of the source code even if it is present, in
order to prevent accidental access of mismatched code.
Downloading an explicit module here also more clearly expresses the
intent of the test (“download this module and see where it is”), and
may be somewhat more efficient (since the test doesn't need source
code for the other modules in the build list).
Updates #45332
Change-Id: Ic589b22478e3ed140b95365bb6729101dd598ccc
Reviewed-on: https://go-review.googlesource.com/c/go/+/321956
Trust: Bryan C. Mills <bcmills@google.com>
Run-TryBot: Bryan C. Mills <bcmills@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Fixes#43894
Change-Id: I2add7b8a4f6ae69a5ef1c48703fde21a4b74307c
Reviewed-on: https://go-review.googlesource.com/c/go/+/321852
Trust: Ian Lance Taylor <iant@golang.org>
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Fixes#38874
Change-Id: I819dd008fd6869d335888b4aa03dcf739da9a9a4
Reviewed-on: https://go-review.googlesource.com/c/go/+/320069
Run-TryBot: Dmitri Shuralyov <dmitshur@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Trust: Daniel Martí <mvdan@mvdan.cc>
'go mod download' without arguments is frequently used to populate the
module cache. It tends to fetch a lot of extra files (for modules in
the build list that aren't needed to build packages in the main
module). It's annoying when sums are written for these extra files.
'go mod download mod@version' will still write sums for specific
modules in the build list. 'go mod download all' still has the
previous behavior.
For now, all invocations of 'go mod download' still update go.mod and
go.sum with changes needed to load the build list (1.15 behavior).
Fixes#45332
Change-Id: I9e17d18a7466ac7271a0e1a2b663f6b3cb168c97
Reviewed-on: https://go-review.googlesource.com/c/go/+/318629
Trust: Jay Conrod <jayconrod@google.com>
Reviewed-by: Bryan C. Mills <bcmills@google.com>
Fixes#46294
Change-Id: I50023006dab83dee455f98a702ca1c72e61764ea
Reviewed-on: https://go-review.googlesource.com/c/go/+/321649
Trust: Jay Conrod <jayconrod@google.com>
Trust: Michael Matloob <matloob@golang.org>
Run-TryBot: Jay Conrod <jayconrod@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Jay Conrod <jayconrod@google.com>
The test harness waits for "ready" as a sign that the Go runtime has
installed its signal handler and is ready to be tested. But actually,
while LoadLibrary starts the loading of the Go runtime, it does so
asynchronously, so the "ready" sign is potentially premature and
certainly racy. However, all exported cgo entry points make a call to
_cgo_wait_runtime_init_done which waits for that asynchronous
initialization to complete. Therefore, this commit fixes the test to
call into the exported "Dummy" cgo function before emitting the "ready"
sign, so that we're sure the Go runtime is actually loaded.
Updates #45638.
Change-Id: I9b12b172d45bdcc09d54dd301de3a3e499544834
Reviewed-on: https://go-review.googlesource.com/c/go/+/321769
Trust: Jason A. Donenfeld <Jason@zx2c4.com>
Run-TryBot: Jason A. Donenfeld <Jason@zx2c4.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
The documentation currently does not show how to get an `FS` instance for the operating system's filesystem. This example demonstrates how to accomplish this using the `os` package.
Fixes#46083
Change-Id: I053111c12ab09ef13f0d04fcdff8a6ea0dccf379
Reviewed-on: https://go-review.googlesource.com/c/go/+/319989
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Trust: Emmanuel Odeke <emmanuel@orijtech.com>
This brings in CLs 312829, 317431, 319211.
Fixes#40356.
Fixes#46129.
Change-Id: I2ee1f858b2a41ffa60d88b0c17511ccad57f1816
Reviewed-on: https://go-review.googlesource.com/c/go/+/321389
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Trust: Tim King <taking@google.com>
Run-TryBot: Tim King <taking@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Documents the changes to File.WriteString method.
For #44513.
Fixes#46018.
Change-Id: I3a8ef9df9f84662614d54802710bd705d626b995
Reviewed-on: https://go-review.googlesource.com/c/go/+/317910
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Trust: Cherry Mui <cherryyz@google.com>
Up to FreeBSD 12.1 the package ca_root_nss was needed in order to have
certificates under /usr/local/share/certs as the base system didn't have
a system trusted certificate store.
This has been fixed in FreeBSD 12.2 using /etc/ssl/certs:
https://svnweb.freebsd.org/base?view=revision&revision=357082Fixes#46284
Change-Id: I912b1bacc30cdf20d19e3ef9d09b69bb8055ff49
GitHub-Last-Rev: 0fa5542ea3
GitHub-Pull-Request: golang/go#46276
Reviewed-on: https://go-review.googlesource.com/c/go/+/321190
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Trust: Tobias Klauser <tobias.klauser@gmail.com>
Update #36739
Change-Id: I14ab2cd0e29966b9a2f992e8c3bcb415203e63e6
Reviewed-on: https://go-review.googlesource.com/c/go/+/321449
Trust: Joel Sing <joel@sing.id.au>
Reviewed-by: Cherry Mui <cherryyz@google.com>
Run-TryBot: Cherry Mui <cherryyz@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Currently NewCallback and NewCallbackCDecl may only be called a limited
number of times in a single Go process, but this property of the API is
not documented. This change fixes that, but does not document the
precise limit to avoid making that limit part of the API, leaving us
open to increasing or decreasing the limit in the future as needed.
Although the API avoids documenting a limit, it does guarantee a minimum
callback count so users can rely on at least some amount of callbacks
working.
Updates #46184.
Change-Id: I5129bf5fe301efff73ac112ba1f207ab32058833
Reviewed-on: https://go-review.googlesource.com/c/go/+/321133
Trust: Michael Knyszek <mknyszek@google.com>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
This test is known to be broken on the darwin/arm64 builder.
Skip it while it's being investigated so it doesn't mask other failures.
For #46239.
Updates #43228.
Change-Id: I8fe57a0636bba84c3100337146dcb96cc264e524
Reviewed-on: https://go-review.googlesource.com/c/go/+/321349
Trust: Dmitri Shuralyov <dmitshur@golang.org>
Run-TryBot: Dmitri Shuralyov <dmitshur@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Cherry Mui <cherryyz@google.com>
If a filepath.WalkFunc returns filepath.SkipDir when invoked on a
non-directory file, it skips the remaining files in the containing
directory.¹
CL 276272 accidentally added a code path that triggers this behavior
whenever filepath.Walk reaches a non-directory file that begins with
a dot, such as .gitattributes or .DS_Store, causing findGorootModules
to return early without finding any modules in GOROOT. Tests that use
it ceased to provide test coverage that the tree is tidy.
Add an explicit check for info.IsDir in the 5 places that intend to
use filepath.SkipDir to skip traversing that directory. Even paths
like GOROOT/bin and GOROOT/pkg which are unlikely to be anything but
a directory are worth checking, since the goal of moddeps is to take
a possibly problematic GOROOT tree as input and detect problems.
While the goal of findGorootModules is to find all modules in GOROOT
programmatically (in case new modules are added or modified), there
are 4 modules now that are quite likely to exist, so check for their
presence to avoid similar regressions. (It's not hard to update this
test if a well-known GOROOT module is removed or otherwise modified;
but if it becomes hard we can simplify it to check for a reasonable
number of modules instead.)
Also fix the minor skew that has crept in since the test got disabled.
¹ This wasn't necessarily an intentional design decision, but it was
found only when Go 1.4 was already out. See CL 11690 for details.
Fixes#46254.
Change-Id: Id55ed926f8c0094b1af923070de72bacca05996f
Reviewed-on: https://go-review.googlesource.com/c/go/+/320991
Trust: Dmitri Shuralyov <dmitshur@golang.org>
Run-TryBot: Dmitri Shuralyov <dmitshur@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Bryan C. Mills <bcmills@google.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
In cases where the socket operation has no underlying address,
golang.org/cl/291509 unintentionally changed ReadFromUDP from return a
nil *UDPAddr to a non-nil (but zero value) *UDPAddr.
This may break callers that assume "no address" is always addr == nil,
so change it back to remain nil.
Fixes#46238
Change-Id: I8531e8fa16b853ed7560088eabda0b9e3e53f5be
Reviewed-on: https://go-review.googlesource.com/c/go/+/320909
Trust: Michael Pratt <mpratt@google.com>
Trust: Josh Bleecher Snyder <josharian@gmail.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Josh Bleecher Snyder <josharian@gmail.com>
issue46234.go expects an error output "segmentation violation",
which is UNIX-specific. Check for "nil pointer dereference"
instead, which is emitted by the Go runtime and should work on all
platforms.
Should fix Windows builders.
Change-Id: I3f5a66a687d43cae5eaf6a9e942b877e5a248900
Reviewed-on: https://go-review.googlesource.com/c/go/+/321072
Trust: Cherry Mui <cherryyz@google.com>
Run-TryBot: Cherry Mui <cherryyz@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Than McIntosh <thanm@google.com>
"// +build" by itself was like "// +build !" - unsatisfiable.
Make it so again (right now it panics).
Fixes#44487.
Change-Id: Iacbc1398af6f988ef011f9f438e792eb62f8f434
Reviewed-on: https://go-review.googlesource.com/c/go/+/320829
Trust: Russ Cox <rsc@golang.org>
Run-TryBot: Russ Cox <rsc@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Jay Conrod <jayconrod@google.com>
When inlining functions with closures, ensure that we don't mark the
body of the closure with a src.Pos marker that reflects the inline,
since this will result in the generation of an inltree table for the
closure itself (as opposed to the routine that the func-with-closure
was inlined into).
Fixes#46234.
Change-Id: I348296de6504fc4745d99adab436640f50be299a
Reviewed-on: https://go-review.googlesource.com/c/go/+/320913
Reviewed-by: Cherry Mui <cherryyz@google.com>
Reviewed-by: Matthew Dempsky <mdempsky@google.com>
Run-TryBot: Cherry Mui <cherryyz@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Trust: Than McIntosh <thanm@google.com>
Apparently, in bash, the "continue" keyword can only be used
inside of a loop, not in an if block. If readelf exists but $CC
does not, make.bash emits a warning:
./make.bash: line 135: continue: only meaningful in a `for', `while', or `until' loop
Change it to a conditional.
Change-Id: I00a0940ed99bc0c565094e506705961b6b3d362e
Reviewed-on: https://go-review.googlesource.com/c/go/+/320170
Trust: Cherry Mui <cherryyz@google.com>
Run-TryBot: Cherry Mui <cherryyz@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Reviewed-by: Cuong Manh Le <cuong.manhle.vn@gmail.com>
People continue to be confused by how these work. Address that by some
rejiggering.
Introduce a constant called Layout that both defines the time and
provides a reference point for Parse and Format to refer to. We can
then delete much redundancy, especially for Format's comments, but
Parse tightens a bit too.
Then change the way the concept of the layout string is introduced,
and provide a clearer catalog of what its elements are.
Fixes#38871
Change-Id: Ib967ae70c7d5798a97b865cdda1fda4daed8a99a
Reviewed-on: https://go-review.googlesource.com/c/go/+/320252
Trust: Rob Pike <r@golang.org>
Run-TryBot: Rob Pike <r@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>
Fix an apparent typo for the right-hand bound in a couple panic
messages, where '[' was used instead of ']'.
Fixes#46215
Change-Id: Ie419c404ca72ed085a83a2c38ea1a5d6ed326cca
Reviewed-on: https://go-review.googlesource.com/c/go/+/320510
Trust: Robert Findley <rfindley@google.com>
Trust: Robert Griesemer <gri@golang.org>
Run-TryBot: Robert Findley <rfindley@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Robert Griesemer <gri@golang.org>
To pull in CL 318309.
For #41184
Change-Id: I99adb0478e71dbd72e13551a87ed09eae2a0ef2c
Reviewed-on: https://go-review.googlesource.com/c/go/+/320312
Trust: Tobias Klauser <tobias.klauser@gmail.com>
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
The test previously had the hardcoded assumption that /proc/self/status
files had "Groups:" lines containing numerical IDs in ascending order.
Because of the possibility of non-monotonic ordering of GIDs in user
namespaces, this assumption was not universally true for all
/proc/self/gid_map setups.
To ensure this test can pass in those setups, sanity check failed
"Groups:" line matches with a string sorted version of the expected
values. (For the test cases here, numerical and string sorted order
are guaranteed to match.)
Fixes#46145
Change-Id: Ia060e80b123604bc394a15c02582fc406f944d36
Reviewed-on: https://go-review.googlesource.com/c/go/+/319591
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Trust: Tobias Klauser <tobias.klauser@gmail.com>
If a user runs 'go get example.com/cmd' for a package in the main
module, it's more likely they intend to fill in missing dependencies
for that package (especially with -u). If the intent were only to
build and install, 'go install example.com/cmd' would be a better
choice.
For #43684
Resolving a comment on CL 305670.
Change-Id: I5c80ffdcdb3425b448f2f49cc20b07a18cb2bbe9
Reviewed-on: https://go-review.googlesource.com/c/go/+/318570
Trust: Jay Conrod <jayconrod@google.com>
Run-TryBot: Jay Conrod <jayconrod@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Bryan C. Mills <bcmills@google.com>
Some uses of crosscall2 did not work on ppc64le and probably
aix-ppc64. In particular, if there was a main program compiled
with -buildmode=pie and used a plugin which invoked crosscall2,
then failures could occur due to R2 getting set incorrectly along the
way. The problem was due to R2 being saved on the caller's
stack; it is now saved on the crosscall2 stack. More details can be
found in the issue.
This adds a testcase where the main program is built with pie
and the plugin invokes crosscall2.
This also changes the save of the CR bits from MOVD to MOVW as
it should be.
Fixes#43228
Change-Id: Ib5673e25a2ec5ee46bf9a1ffb0cb1f3ef5449086
Reviewed-on: https://go-review.googlesource.com/c/go/+/319489
Run-TryBot: Lynn Boger <laboger@linux.vnet.ibm.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
Trust: Heschi Kreinick <heschi@google.com>
