qbit/go
1
0
Fork 0
mirror of https://github.com/golang/go synced 2024-09-28 20:24:29 -06:00
Code Releases Activity
The Go programming language
49,976 Commits 58 Branches 402 Tags 522 MiB
Go 89.6%
Assembly 5.2%
HTML 4.8%
C 0.2%
Shell 0.1%
77f2750f43
Go to file
Cherry Mui 77f2750f43 misc/wasm, cmd/link: do not let command line args overwrite global data 
On Wasm, wasm_exec.js puts command line arguments at the beginning
of the linear memory (following the "zero page"). Currently there
is no limit for this, and a very long command line can overwrite
the program's data section. Prevent this by limiting the command
line to 4096 bytes, and in the linker ensuring the data section
starts at a high enough address (8192).

(Arguably our address assignment on Wasm is a bit confusing. This
is the minimum fix I can come up with.)

Thanks to Ben Lubar for reporting this issue.

Fixes #48797
Fixes CVE-2021-38297

Change-Id: I0f50fbb2a5b6d0d047e3c134a88988d9133e4ab3
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1205933
Reviewed-by: Roland Shoemaker <bracewell@google.com>
Reviewed-by: Than McIntosh <thanm@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/354571
Reviewed-by: Cherry Mui <cherryyz@google.com>
Reviewed-by: Heschi Kreinick <heschi@google.com>
Trust: Michael Knyszek <mknyszek@google.com>
Run-TryBot: Michael Knyszek <mknyszek@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
2021-10-07 18:45:53 +00:00
.github .github: update IRC server 2021-09-30 19:56:27 +00:00
api net/http: add Cookie.Valid method 2021-10-06 23:26:57 +00:00
doc cmd/go: add release note for 'go get' changes 2021-09-28 17:19:19 +00:00
lib/time lib/time: fix RFC 6557 url 2021-08-15 02:18:46 +00:00
misc misc/wasm, cmd/link: do not let command line args overwrite global data 2021-10-07 18:45:53 +00:00
src misc/wasm, cmd/link: do not let command line args overwrite global data 2021-10-07 18:45:53 +00:00
test cmd/compile: fix the index variable is shadowed in dictPass 2021-10-07 16:38:24 +00:00
.gitattributes all: treat all files as binary, but check in .bat with CRLF 2020-06-08 15:31:43 +00:00
.gitignore internal/buildcfg: move build configuration out of cmd/internal/objabi 2021-04-16 19:20:53 +00:00
AUTHORS A+C: update name to real name and add to AUTHORS 2021-09-16 23:57:28 +00:00
codereview.cfg codereview.cfg: add codereview.cfg for master branch 2021-02-19 18:44:53 +00:00
CONTRIBUTING.md all: restore changes from faulty merge/revert 2018-02-12 20:13:59 +00:00
CONTRIBUTORS A+C: update name to real name and add to AUTHORS 2021-09-16 23:57:28 +00:00
LICENSE
PATENTS
README.md README.md: update contribute URL 2021-09-30 13:33:21 +00:00
SECURITY.md SECURITY.md: update go versions 2019-09-26 15:34:57 +00:00

README.md

The Go Programming Language

Go is an open source programming language that makes it easy to build simple, reliable, and efficient software.

Gopher image Gopher image by Renee French, licensed under Creative Commons 3.0 Attributions license.

Our canonical Git repository is located at https://go.googlesource.com/go. There is a mirror of the repository at https://github.com/golang/go.

Unless otherwise noted, the Go source files are distributed under the BSD-style license found in the LICENSE file.

Download and Install

Binary Distributions

Official binary distributions are available at https://golang.org/dl/.

After downloading a binary release, visit https://golang.org/doc/install for installation instructions.

Install From Source

If a binary distribution is not available for your combination of operating system and architecture, visit https://golang.org/doc/install/source for source installation instructions.

Contributing

Go is the work of thousands of contributors. We appreciate your help!

To contribute, please read the contribution guidelines at https://golang.org/doc/contribute.

Note that the Go project uses the issue tracker for bug reports and proposals only. See https://golang.org/wiki/Questions for a list of places to ask questions about the Go language.