cmd/go: remove user-content from doc strings in cgo ASTs.

Thank you to RyotaK (https://ryotak.net) of GMO Flatt Security Inc. for reporting this issue.

Updates golang/go#76697
Fixes CVE-2025-61732

Change-Id: I1121502f1bf1e91309eb4bd41cc3a09c39366d36
Reviewed-on: https://go-review.googlesource.com/c/go/+/734220
Reviewed-by: Agustin Hernandez <garisol1982@gmail.com>
Reviewed-by: David Chase <drchase@google.com>
Reviewed-by: Robert Griesemer <gri@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>

diff --git a/src/cmd/cgo/ast.go b/src/cmd/cgo/ast.go
index 2da6ca5a30f38ad36c59df6fd7f995fd3fce0c75..df0552f525adadf3208d1432894e7c156c888498 100644 (file)
--- a/src/cmd/cgo/ast.go
+++ b/src/cmd/cgo/ast.go
@@ -301,17 +301,12 @@ func (f *File) saveExport(x any, context astContext) {
                        error_(c.Pos(), "export comment has wrong name %q, want %q", name, n.Name.Name)
                }
 
-               doc := ""
-               for _, c1 := range n.Doc.List {
-                       if c1 != c {
-                               doc += c1.Text + "\n"
-                       }
-               }
-
                f.ExpFunc = append(f.ExpFunc, &ExpFunc{
                        Func:    n,
                        ExpName: name,
-                       Doc:     doc,
+                       // Caution: Do not set the Doc field on purpose
+                       // to ensure that there are no unintended artifacts
+                       // in the binary. See https://go.dev/issue/76697.
                })
                break
        }