runtime: check that new slice cap doesn't overflow
authorDave Cheney <dave@cheney.net>
Thu, 3 Apr 2014 02:44:44 +0000 (13:44 +1100)
committerDave Cheney <dave@cheney.net>
Thu, 3 Apr 2014 02:44:44 +0000 (13:44 +1100)
Fixes #7550.

LGTM=iant
R=golang-codereviews, iant, josharian
CC=golang-codereviews
https://golang.org/cl/83520043

src/pkg/runtime/slice.goc
test/fixedbugs/issue7550.go [new file with mode: 0644]

index 36745e770d0b82d5509531a47ad089a9ce818e38..6112639e02a7357181681c3386021069a47322a3 100644 (file)
@@ -65,7 +65,7 @@ func growslice(t *SliceType, old Slice, n int64) (ret Slice) {
 
        cap = old.cap + n;
 
-       if((intgo)cap != cap || cap < old.cap || (t->elem->size > 0 && cap > MaxMem/t->elem->size))
+       if((intgo)cap != cap || cap < (int64)old.cap || (t->elem->size > 0 && cap > MaxMem/t->elem->size))
                runtimeĀ·panicstring("growslice: cap out of range");
 
        if(raceenabled) {
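Review bot: The `(int64)` cast added to `cap < (int64)old.cap` carries the whole overflow check for zero-size elements, because the `t->elem->size > 0 &&` clause skips the `MaxMem` bound in that case, and nothing next to the condition says so. The cast suggests `old.cap` was previously compared in a different, presumably unsigned, type, but its declaration is outside the hunk, so that is an inference. I would add a comment above the `if`, for example `// compare as signed int64: a wrapped (negative) cap must be rejected here, since zero-size elems skip the MaxMem bound`, so a later cleanup does not remove the cast as redundant. The body of growslice starts and continues outside this hunk.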
diff --git a/test/fixedbugs/issue7550.go b/test/fixedbugs/issue7550.go
new file mode 100644 (file)
index 0000000..0c4cf93
--- /dev/null
@@ -0,0 +1,27 @@
+// run
+
+// Copyright 2014 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package main
+
+func shouldPanic(f func()) {
+        defer func() {
+                if recover() == nil {
+                        panic("not panicking")
+                }
+        }()
+        f()
+}
+
+func f() {
+        length := int(^uint(0) >> 1)
+        a := make([]struct{}, length)
+        b := make([]struct{}, length)
+        _ = append(a, b...)
+}
+
+func main() {
+       shouldPanic(f)
+}
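Review bot: `shouldPanic` accepts any panic as success, since it only tests `recover() == nil`, so this regression test would still pass if `f` panicked for a reason unrelated to the growslice capacity check. Binding the recovered value and checking its message would pin the test to the intended guard, e.g. `err, ok := recover().(error)` followed by `if !ok || !strings.Contains(err.Error(), "cap out of range") { panic("unexpected or missing panic") }`. That needs `strings` imported, and the exact text the runtime reports should be confirmed. The test also covers only the zero-size element case (`[]struct{}`), so the non-zero-size path of the same condition is not exercised here.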