From: Josh Bleecher Snyder Date: Thu, 1 Mar 2018 06:01:24 +0000 (-0800) Subject: runtime: fix amd64p32 indexbytes in presence of overflow X-Git-Tag: go1.11beta1~1396 X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=aa9c1a8f8038e88da6d7cbfdc56e34ff914b7b04;p=gostls13.git runtime: fix amd64p32 indexbytes in presence of overflow When the slice/string length is very large, probably artifically large as in CL 97523, adding BX (length) to R11 (pointer) overflows. As a result, checking DI < R11 yields the wrong result. Since they will be equal when the loop is done, just check DI != R11 instead. Yes, the pointer itself could overflow, but if that happens, something else has gone pretty wrong; not our concern here. Fixes #24187 Change-Id: I2f60fc6ccae739345d01bc80528560726ad4f8c6 Reviewed-on: https://go-review.googlesource.com/97802 Run-TryBot: Josh Bleecher Snyder TryBot-Result: Gobot Gobot Reviewed-by: Keith Randall --- diff --git a/src/runtime/asm_amd64p32.s b/src/runtime/asm_amd64p32.s index a59ba6ad91..dc4c57de13 100644 --- a/src/runtime/asm_amd64p32.s +++ b/src/runtime/asm_amd64p32.s @@ -904,7 +904,7 @@ sse: condition: CMPL DI, R11 - JLT sse + JNE sse // search the end MOVL SI, CX diff --git a/test/fixedbugs/issue24187.go b/test/fixedbugs/issue24187.go new file mode 100644 index 0000000000..45fc929710 --- /dev/null +++ b/test/fixedbugs/issue24187.go @@ -0,0 +1,33 @@ +// +build amd64p32 +// run + +// Copyright 2018 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package main + +import ( + "bytes" + "fmt" + "unsafe" +) + +func main() { + b := make([]byte, 128) + for i := range b { + b[i] = 1 + } + if bytes.IndexByte(b, 0) != -1 { + panic("found 0") + } + for i := range b { + b[i] = 0 + c := b + *(*int)(unsafe.Pointer(uintptr(unsafe.Pointer(&c)) + unsafe.Sizeof(uintptr(0)))) = 1<<31 - 1 + if bytes.IndexByte(c, 0) != i { + panic(fmt.Sprintf("missing 0 at %d\n", i)) + } + b[i] = 1 + } +}