0f8dffd0aa
As it can't appear in user package paths. There is a hack for handling "go:buildid" and "type:*" on windows/386. Previously, windows/386 required an underscore prefix on external symbols, but that's only applied for SHOSTOBJ/SUNDEFEXT or cgo export symbols. "go.buildid" is STEXT, "type.*" is STYPE, thus they are not prefixed with underscore. In external linking mode, the external linker can't resolve them as external symbols. But we are lucky that they have "." in their name, so the external linker sees them as Forwarder RVA exports. See: - https://docs.microsoft.com/en-us/windows/win32/debug/pe-format#export-address-table - https://sourceware.org/git/?p=binutils-gdb.git;a=blob;f=ld/pe-dll.c;h=e7b82ba6ffadf74dc1b9ee71dc13d48336941e51;hb=HEAD#l972 This CL changes "." to ":" in symbol names, so these symbols can not be found by the external linker anymore. So a hacky way is adding the underscore prefix for these 2 symbols. I don't have enough knowledge to verify whether adding the underscore for all STEXT/STYPE symbols is fine, even if it could be, that would be done in future CL. Fixes #37762 Change-Id: I92eaaf24c0820926a36e0530fdb07b07af1fcc35 Reviewed-on: https://go-review.googlesource.com/c/go/+/317917 Reviewed-by: Than McIntosh <thanm@google.com> Run-TryBot: Cuong Manh Le <cuong.manhle.vn@gmail.com> Reviewed-by: Cherry Mui <cherryyz@google.com> TryBot-Result: Gopher Robot <gobot@golang.org>
// run

// Copyright 2020 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

// This test is not for a fix of 29312 proper, but for the patch that
// makes sure we at least don't have a security hole because of 29312.

// This code generates lots of types. The binary should contain
// a runtime.slicetype for each of the following 253 types:
//
//	[]*pwn
//	[][]*pwn
//	...
//	[][]...[][]*pwn - 249 total "[]"
//	[][]...[][][]*pwn - 250 total "[]"
//	[][]...[][][][]*pwn - 251 total "[]"
//	[][]...[][][][][]*pwn - 252 total "[]"
//	[][]...[][][][][][]*pwn - 253 total "[]"
//
// The type names for these types are as follows. Because we truncate
// the name at depth 250, the last few names are all identical:
//
//	type:[]*"".pwn
//	type:[][]*"".pwn
//	...
//	type:[][]...[][]*pwn - 249 total "[]"
//	type:[][]...[][][]*<...> - 250 total "[]"
//	type:[][]...[][][][]<...> - 251 total "[]"
//	type:[][]...[][][][]<...> - 252 total "[]" (but only 251 "[]" in the name)
//	type:[][]...[][][][]<...> - 253 total "[]" (but only 251 "[]" in the name)
//
// Because the names of the last 3 types are all identical, the
// compiler will generate only a single runtime.slicetype data
// structure for all 3 underlying types. It turns out the compiler
// generates just the 251-entry one. There aren't any
// runtime.slicetypes generated for the final two types.
//
// The compiler passes type:[]...[]<...> (251 total "[]") to
// fmt.Sprintf (instead of the correct 253 one). But the data
// structure at runtime actually has 253 nesting levels. So we end up
// calling String on something that is of type [][]*pwn instead of
// something of type *pwn. The way arg passing in Go works, the
// backing store pointer for the outer slice becomes the "this"
// pointer of the String method, which points to the inner []*pwn
// slice. The String method then modifies the length of that inner
// slice. A slice whose recorded length exceeds its backing array can
// be read or written out of bounds, so the type-name collision is a
// memory-safety hole rather than a formatting bug.
package main
import "fmt"
// pwn is a three-word value used as the innermost element of the nested
// slice built in main. Its String method writes to a[1], the second word;
// per the file header, that word overlays a slice's length when a *pwn
// receiver is mistakenly pointed at a slice header.
type pwn struct{ a [3]uint }
// String implements fmt.Stringer for *pwn and always returns the empty
// string. The method exists for its side effect: it stores 7 into the second
// word of whatever the receiver points at. With a correctly typed receiver
// that is just pwn.a[1]; with the mistyped receiver described in the file
// header it is the length word of the inner []*pwn slice, which main checks.
func (p *pwn) String() string {
	const marker = 7
	p.a[1] = marker // update length
	return ""
}
func main() {
|
|
var a pwn
|
|
s := [][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]*pwn{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{&a}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}} // depth 253
|
|
fmt.Sprint(s)
|
|
n := len(s[0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0]) // depth 252, type []*pwn
|
|
if n != 1 {
|
|
panic(fmt.Sprintf("length was changed, want 1 got %d", n))
|
|
}
|
|
}