reflect: fix map type generation

If a map variable is created with reflect.New it has incorrect type (map[unsafe.Pointer]unsafe.Pointer). If GC follows such pointer, it scans Hmap and buckets with incorrect type. This can lead to overscan of up to 120 bytes for map[int8]struct{}. Which in turn can lead to crash if the memory after a bucket object is unaddressable or false retention (buckets are scanned as arrays of unsafe.Pointer). I don't see how it can lead to heap corruptions, though. LGTM=khr R=rsc, khr CC=golang-codereviews https://golang.org/cl/96270044
2014-05-13 09:53:47 +04:00 · 2014-05-13 09:53:47 +04:00 · 5bc1cef869
parent a12661329b
commit 5bc1cef869
1 changed files with 7 additions and 0 deletions
--- a/src/pkg/reflect/type.go
+++ b/src/pkg/reflect/type.go
@ -1541,6 +1541,13 @@ func MapOf(key, elem Type) Type {
 	mt.uncommonType = nil
 	mt.ptrToThis = nil
 	mt.zero = unsafe.Pointer(&make([]byte, mt.size)[0])
+	mt.gc = unsafe.Pointer(&ptrGC{
+		width:  unsafe.Sizeof(uintptr(0)),
+		op:     _GC_PTR,
+		off:    0,
+		elemgc: mt.hmap.gc,
+		end:    _GC_END,
+	})

 	// INCORRECT. Uncomment to check that TestMapOfGC and TestMapOfGCValues
 	// fail when mt.gc is wrong.