crypto/x509: make '-gcflags=all=-d=checkptr' flag work

Replace

buf := [HUGE_CONST]*T)(unsafe.Pointer(p))[:]

with

buf := [HUGE_CONST]*T)(unsafe.Pointer(p))[:n:n]

Pointer p points to n of T elements. New unsafe pointer conversion
logic verifies that both first and last elements point into the
same Go variable. And this change adjusts all code to comply with
this rule.

Verified by running

go test -a -short -gcflags=all=-d=checkptr crypto/x509

The test does not fail even with original version of this code. I
suspect it is because all variables I changed live outside of Go
memory. But I am just guessing, I don't really know how pointer
checker works.

Updates golang/go#34972

Change-Id: Ibc33fdc9e2023d9b14905c9badf2f0b683999ab8
Reviewed-on: https://go-review.googlesource.com/c/go/+/204621
Run-TryBot: Alex Brainman <alex.brainman@gmail.com>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>

diff --git a/src/crypto/x509/root_windows.go b/src/crypto/x509/root_windows.go
index 1e3ebe894227d3af730aa12d5547b6bd1cdc3d47..54ab1dcf9c27226f497acd17c1f8fc792b758fe8 100644 (file)
--- a/src/crypto/x509/root_windows.go
+++ b/src/crypto/x509/root_windows.go
@@ -61,15 +61,15 @@ func extractSimpleChain(simpleChain **syscall.CertSimpleChain, count int) (chain
                return nil, errors.New("x509: invalid simple chain")
        }
 
-       simpleChains := (*[1 << 20]*syscall.CertSimpleChain)(unsafe.Pointer(simpleChain))[:]
+       simpleChains := (*[1 << 20]*syscall.CertSimpleChain)(unsafe.Pointer(simpleChain))[:count:count]
        lastChain := simpleChains[count-1]
-       elements := (*[1 << 20]*syscall.CertChainElement)(unsafe.Pointer(lastChain.Elements))[:]
+       elements := (*[1 << 20]*syscall.CertChainElement)(unsafe.Pointer(lastChain.Elements))[:lastChain.NumElements:lastChain.NumElements]
        for i := 0; i < int(lastChain.NumElements); i++ {
                // Copy the buf, since ParseCertificate does not create its own copy.
                cert := elements[i].CertContext
-               encodedCert := (*[1 << 20]byte)(unsafe.Pointer(cert.EncodedCert))[:]
+               encodedCert := (*[1 << 20]byte)(unsafe.Pointer(cert.EncodedCert))[:cert.Length:cert.Length]
                buf := make([]byte, cert.Length)
-               copy(buf, encodedCert[:])
+               copy(buf, encodedCert)
                parsedCert, err := ParseCertificate(buf)
                if err != nil {
                        return nil, err
@@ -259,7 +259,7 @@ func loadSystemRoots() (*CertPool, error) {
                        break
                }
                // Copy the buf, since ParseCertificate does not create its own copy.
-               buf := (*[1 << 20]byte)(unsafe.Pointer(cert.EncodedCert))[:]
+               buf := (*[1 << 20]byte)(unsafe.Pointer(cert.EncodedCert))[:cert.Length:cert.Length]
                buf2 := make([]byte, cert.Length)
                copy(buf2, buf)
                if c, err := ParseCertificate(buf2); err == nil {