runtime: fix GC scanning of slices

If a slice points to an array embedded in a struct, the whole struct can be incorrectly scanned as the slice buffer. Fixes #5443. R=cshapiro, iant, r, cshapiro, minux.ma CC=bradfitz, gobot, golang-dev https://golang.org/cl/9372044

runtime: fix GC scanning of slices
If a slice points to an array embedded in a struct, the whole struct can be incorrectly scanned as the slice buffer. Fixes #5443. R=cshapiro, iant, r, cshapiro, minux.ma CC=bradfitz, gobot, golang-dev https://golang.org/cl/9372044
c6293d21 · Dmitriy Vyukov · 9e643ac2 · c6293d21 · c6293d21
Commit c6293d21 authored May 15, 2013 by Dmitriy Vyukov
Hide whitespace changes
Inline Side-by-side

Showing with 29 additions and 1 deletion

src/pkg/runtime/gc_test.go src/pkg/runtime/gc_test.go +24 -0

src/pkg/runtime/mgc0.c src/pkg/runtime/mgc0.c +5 -1

No files found.
--- a/src/pkg/runtime/gc_test.go
+++ b/src/pkg/runtime/gc_test.go
@@ -97,3 +97,27 @@ func TestGcHashmapIndirection(t *testing.T) {
 		m[a] = T{}
 	}
 }
+
+func TestGcArraySlice(t *testing.T) {
+	type X struct {
+		buf     [1]byte
+		nextbuf []byte
+		next    *X
+	}
+	var head *X
+	for i := 0; i < 10; i++ {
+		p := &X{}
+		p.buf[0] = 42
+		p.next = head
+		if head != nil {
+			p.nextbuf = head.buf[:]
+		}
+		head = p
+		runtime.GC()
+	}
+	for p := head; p != nil; p = p.next {
+		if p.buf[0] != 42 {
+			t.Fatal("corrupted heap")
+		}
+	}
+}
--- a/src/pkg/runtime/mgc0.c
+++ b/src/pkg/runtime/mgc0.c
@@ -799,7 +799,11 @@ scanblock(Workbuf *wbuf, Obj *wp, uintptr nobj, bool keepworking)
 			sliceptr = (Slice*)(stack_top.b + pc[1]);
 			if(sliceptr->cap != 0) {
 				obj = sliceptr->array;
-				objti = pc[2] | PRECISE | LOOP;
+				// Can't use slice element type for scanning,
+				// because if it points to an array embedded
+				// in the beginning of a struct,
+				// we will scan the whole struct as the slice.
+				// So just obtain type info from heap.
 			}
 			pc += 3;
 			break;