From 4da2bc2eebb480f1c2a726de05f4e085e97d3b6c Mon Sep 17 00:00:00 2001 From: Zeke Lu Date: Mon, 26 Sep 2022 14:53:54 +0000 Subject: [PATCH] internal/saferio: handle potential total size overflow in SliceCap Before the change, "SliceCap((*int64)(nil), 1<<62)" returns 1<<62. That's because "uintptr(c)*size" overflows and gives 0 which is less than the "chunk". SliceCap should return -1 in this case. Change-Id: I4e99224c8ac0fc72032c6be86d7318d33d083cd8 GitHub-Last-Rev: ca30bcce456d20702e3699822cd4f1c963ef1cec GitHub-Pull-Request: golang/go#55870 Reviewed-on: https://go-review.googlesource.com/c/go/+/434335 Reviewed-by: Ian Lance Taylor Reviewed-by: Dmitri Shuralyov Auto-Submit: Ian Lance Taylor Run-TryBot: Ian Lance Taylor TryBot-Result: Gopher Robot Run-TryBot: Ian Lance Taylor --- src/internal/saferio/io.go | 7 +++++-- src/internal/saferio/io_test.go | 7 +++++++ 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/src/internal/saferio/io.go b/src/internal/saferio/io.go index b10d117513..66cc044c74 100644 --- a/src/internal/saferio/io.go +++ b/src/internal/saferio/io.go @@ -121,8 +121,11 @@ func SliceCap(v any, c uint64) int { if typ.Kind() != reflect.Ptr { panic("SliceCap called with non-pointer type") } - size := typ.Elem().Size() - if uintptr(c)*size > chunk { + size := uint64(typ.Elem().Size()) + if size > 0 && c > (1<<64-1)/size { + return -1 + } + if c*size > chunk { c = uint64(chunk / size) if c == 0 { c = 1 diff --git a/src/internal/saferio/io_test.go b/src/internal/saferio/io_test.go index 290181f2a0..356c9ebdd1 100644 --- a/src/internal/saferio/io_test.go +++ b/src/internal/saferio/io_test.go @@ -126,4 +126,11 @@ func TestSliceCap(t *testing.T) { t.Errorf("SliceCap returned %d, expected failure", c) } }) + + t.Run("overflow", func(t *testing.T) { + c := SliceCap((*int64)(nil), 1<<62) + if c >= 0 { + t.Errorf("SliceCap returned %d, expected failure", c) + } + }) } -- 2.48.1