In looking at examples for #21165, I noticed an unchecked overflow in the syscall package on the nacl platform.
The queue implementation in syscall/net_nacl.go waits on the difference q.w-q.r, and the read and write methods of byteq and msgq increment those variables without checking for overflow. w and r both have type int, so on a 32-bit build it is quite possible to overflow one or the other and cause the reader and/or writer to deadlock.
bradfitz
changed the title
syscall(nacl): unchecked overflow in byteq and msgq
syscall: unchecked overflow in byteq and msgq with GOOS=nacl
Jul 25, 2017
In looking at examples for #21165, I noticed an unchecked overflow in the syscall package on the nacl platform.
The
queue
implementation insyscall/net_nacl.go
waits on the differenceq.w-q.r
, and theread
andwrite
methods ofbyteq
andmsgq
increment those variables without checking for overflow.w
andr
both have typeint
, so on a 32-bit build it is quite possible to overflow one or the other and cause the reader and/or writer to deadlock.This program times out due to the deadlock: https://play.golang.org/p/C_YmUjwXwW
In contrast, stopping the reader just before the overflow causes the program to exit successfully: https://play.golang.org/p/XPEU7FoTes
The difference between the two is just one iteration of the loop: the one that tips the writer across that overflow:
(Proposal #19624 would report the overflow here instead of deadlocking the program.)
The text was updated successfully, but these errors were encountered: