From: Hans <hzb153@gmail.com>
Date: Wed, 28 Jul 2021 05:57:25 +0000 (+0000)
Subject: runtime: ensure the fixalloc object size is valid
X-Git-Tag: go1.18beta1~1511
X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=90ed541149c781a96b86060a7618f73dcf347f28;p=gostls13.git

runtime: ensure the fixalloc object size is valid

Usually, fixalloc is used to allocate small, persistent and reuseable
objects. The size is typically between range [sizeof(mlink), _FixAllocChunk].

It's rare for being out of the range. But if it did happen, we got a
hard-to-discover memory corruption. This commit prevents that situation by limiting object's size.

Change-Id: If6ef8b0831596464e0f55d09f79094b79ae08c66
GitHub-Last-Rev: cb8b1b01bbf452195f4f098d53cca74affc496ff
GitHub-Pull-Request: golang/go#47395
Reviewed-on: https://go-review.googlesource.com/c/go/+/337429
Reviewed-by: Austin Clements <austin@google.com>
Run-TryBot: Austin Clements <austin@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Trust: Cherry Mui <cherryyz@google.com>
---

diff --git a/src/runtime/mfixalloc.go b/src/runtime/mfixalloc.go
index 293c16b38b..a81139a389 100644
--- a/src/runtime/mfixalloc.go
+++ b/src/runtime/mfixalloc.go
@@ -50,6 +50,13 @@ type mlink struct {
 // Initialize f to allocate objects of the given size,
 // using the allocator to obtain chunks of memory.
 func (f *fixalloc) init(size uintptr, first func(arg, p unsafe.Pointer), arg unsafe.Pointer, stat *sysMemStat) {
+	if size > _FixAllocChunk {
+		throw("runtime: fixalloc size too large")
+	}
+	if min := unsafe.Sizeof(mlink{}); size < min {
+		size = min
+	}
+
 	f.size = size
 	f.first = first
 	f.arg = arg