From dcc9bdf38037af6197f3f50968badb1f0db82e10 Mon Sep 17 00:00:00 2001
From: Keith Randall
Date: Thu, 30 Mar 2023 09:52:39 -0700
Subject: [PATCH] [release-branch.go1.20] crypto/subtle: don't cast to *uintptr when word size is 0

Casting to a *uintptr is not ok if there isn't at least 8 bytes of data backing that pointer (on 64-bit archs). So although we end up making a slice of 0 length with that pointer, the cast itself doesn't know that. Instead, bail early if the result is going to be 0 length.

Fixes #59336

Change-Id: Id3c0e09d341d838835c0382cccfb0f71dc3dc7e6
Reviewed-on: https://go-review.googlesource.com/c/go/+/480575
Run-TryBot: Keith Randall
Reviewed-by: Cherry Mui
Reviewed-by: Matthew Dempsky
Reviewed-by: Emmanuel Odeke
TryBot-Result: Gopher Robot
Reviewed-by: Bryan Mills
(cherry picked from commit 297cf6dd31bd99fc4ccda320aa3d4faf290ab278)
Reviewed-on: https://go-review.googlesource.com/c/go/+/481238
Reviewed-by: Keith Randall
Auto-Submit: Michael Knyszek
Run-TryBot: Michael Knyszek
---
 src/crypto/subtle/xor_generic.go | 8 +++++++-
 test/fixedbugs/issue59334.go | 18 ++++++++++++++++++
 2 files changed, 25 insertions(+), 1 deletion(-)
 create mode 100644 test/fixedbugs/issue59334.go

diff --git a/src/crypto/subtle/xor_generic.go b/src/crypto/subtle/xor_generic.go
index 482fcf9b4b..7dc89e315b 100644
--- a/src/crypto/subtle/xor_generic.go
+++ b/src/crypto/subtle/xor_generic.go
@@ -46,7 +46,13 @@ func aligned(dst, x, y *byte) bool {
 // words returns a []uintptr pointing at the same data as x,
 // with any trailing partial word removed.
 func words(x []byte) []uintptr {
- return unsafe.Slice((*uintptr)(unsafe.Pointer(&x[0])), uintptr(len(x))/wordSize)
+ n := uintptr(len(x)) / wordSize
+ if n == 0 {
+ // Avoid creating a *uintptr that refers to data smaller than a uintptr;
+ // see issue 59334.
+ return nil
+ }
+ return unsafe.Slice((*uintptr)(unsafe.Pointer(&x[0])), n)
 }
 
 func xorLoop[T byte | uintptr](dst, x, y []T) {
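Review bot: The doc comment on `words` no longer covers the full contract. With the new `n == 0` branch the function returns nil for any input shorter than one word, and the remaining `(*uintptr)(unsafe.Pointer(&x[0]))` cast still depends on a precondition the comment never states. I would add `// It returns nil when x holds less than one full word; callers must ensure &x[0] is suitably aligned for a uintptr load.` above the signature. The alignment requirement is inferred from the neighbouring `aligned` helper named in the hunk header; the caller that enforces it is outside this hunk, so confirm the wording against it.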
diff --git a/test/fixedbugs/issue59334.go b/test/fixedbugs/issue59334.go
new file mode 100644
index 0000000000..06c12cf92f
--- /dev/null
+++ b/test/fixedbugs/issue59334.go
@@ -0,0 +1,18 @@
+// run -tags=purego -gcflags=all=-d=checkptr
+
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package main
+
+import "crypto/subtle"
+
+func main() {
+ dst := make([]byte, 5)
+ src := make([]byte, 5)
+ for _, n := range []int{1024, 2048} { // just to make the size non-constant
+ b := make([]byte, n)
+ subtle.XORBytes(dst, src, b[n-5:])
+ }
+}
-- 
2.48.1
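Review bot: The regression test XORs all-zero buffers and never inspects `dst`, so it only proves that checkptr does not fire. It would still pass if the new early return in `words` caused the sub-word bytes to be skipped instead of handled by the byte loop. Filling the input before the loop with `for i := range src { src[i] = byte(i + 1) }` and checking after the call with `if dst[4] != src[4] { panic("XORBytes skipped tail bytes") }` would pin the result as well as the pointer check. Whether the byte path covers this case is decided in the caller of `words`, which is not part of this patch's hunks.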