reflect: fix map type generation

If a map variable is created with reflect.New it has incorrect type (map[unsafe.Pointer]unsafe.Pointer).
If GC follows such pointer, it scans Hmap and buckets with incorrect type.
This can lead to overscan of up to 120 bytes for map[int8]struct{}.
Which in turn can lead to crash if the memory after a bucket object is unaddressable
or false retention (buckets are scanned as arrays of unsafe.Pointer).
I don't see how it can lead to heap corruptions, though.

LGTM=khr
R=rsc, khr
CC=golang-codereviews
https://golang.org/cl/96270044

diff --git a/src/pkg/reflect/type.go b/src/pkg/reflect/type.go
index 5a4ac8cf7c10596cfebf7d278d07529350dfd7ec..40d76f99d042026d48b680b557fe8f88fa75f8d9 100644 (file)
--- a/src/pkg/reflect/type.go
+++ b/src/pkg/reflect/type.go
@@ -1541,6 +1541,13 @@ func MapOf(key, elem Type) Type {
        mt.uncommonType = nil
        mt.ptrToThis = nil
        mt.zero = unsafe.Pointer(&make([]byte, mt.size)[0])
+       mt.gc = unsafe.Pointer(&ptrGC{
+               width:  unsafe.Sizeof(uintptr(0)),
+               op:     _GC_PTR,
+               off:    0,
+               elemgc: mt.hmap.gc,
+               end:    _GC_END,
+       })
 
        // INCORRECT. Uncomment to check that TestMapOfGC and TestMapOfGCValues
        // fail when mt.gc is wrong.