From 1ab9176e54bedd37cbb0c6941160a0cfc2e24eac Mon Sep 17 00:00:00 2001
From: Rick Hudson <rlh@golang.org>
Date: Mon, 22 Jun 2015 14:05:00 -0400
Subject: [PATCH] runtime: remove race and increase precision in pointer
 validation.

This CL removes the single and racy use of mheap.arena_end outside
of the bookkeeping done in mHeap_init and mHeap_Alloc.
There should be no way for heapBitsForSpan to see a pointer to
an invalid span. This CL makes the check for this more precise by
checking that the pointer is between mheap_.arena_start and
mheap_.arena_used instead of mheap_.arena_end.

Change-Id: I1200b54353ee1eda002d92645fd8d26048600ceb
Reviewed-on: https://go-review.googlesource.com/11342
Reviewed-by: Austin Clements <austin@google.com>
---
 src/runtime/mbitmap.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/runtime/mbitmap.go b/src/runtime/mbitmap.go
index 146ffbfcb6..4d39c321d8 100644
--- a/src/runtime/mbitmap.go
+++ b/src/runtime/mbitmap.go
@@ -164,7 +164,7 @@ func heapBitsForAddr(addr uintptr) heapBits {
 
 // heapBitsForSpan returns the heapBits for the span base address base.
 func heapBitsForSpan(base uintptr) (hbits heapBits) {
-	if base < mheap_.arena_start || base >= mheap_.arena_end {
+	if base < mheap_.arena_start || base >= mheap_.arena_used {
 		throw("heapBitsForSpan: base out of range")
 	}
 	hbits = heapBitsForAddr(base)
-- 
2.51.0