runtime: do not attempt bulkBarrierPreWrite when dst slice length is zero

If dst slice length is zero in makeslicecopy then the called mallocgc is
using a fast path to only return a pointer to runtime.zerobase.
There may be no heapBits for that address readable by
bulkBarrierPreWriteSrcOnly which will cause a panic.

Protect against this by not calling bulkBarrierPreWriteSrcOnly if
there is nothing to copy. This is the case for all cases where the
length of the destination slice is zero.

runtime.growslice and runtime.typedslicecopy have fast paths that
do not call bulkBarrierPreWrite for zero copy lengths either.

Fixes #38929

Change-Id: I78ece600203a0a8d24de5b6c9eef56f605d44e99
Reviewed-on: https://go-review.googlesource.com/c/go/+/232800
Reviewed-by: Keith Randall <khr@golang.org>

diff --git a/src/runtime/slice.go b/src/runtime/slice.go
index d9949e793924b341bb4a8d8652f65eb305712170..0418ace25a532ac7014f2b5909072d30b1ab0903 100644 (file)
--- a/src/runtime/slice.go
+++ b/src/runtime/slice.go
@@ -59,7 +59,7 @@ func makeslicecopy(et *_type, tolen int, fromlen int, from unsafe.Pointer) unsaf
        } else {
                // Note: can't use rawmem (which avoids zeroing of memory), because then GC can scan uninitialized memory.
                to = mallocgc(tomem, et, true)
-               if writeBarrier.enabled {
+               if copymem > 0 && writeBarrier.enabled {
                        // Only shade the pointers in old.array since we know the destination slice to
                        // only contains nil pointers because it has been cleared during alloc.
                        bulkBarrierPreWriteSrcOnly(uintptr(to), uintptr(from), copymem)