cmd/compile: always nil check interface calls #22703

Closed
randall77 opened this issue Nov 13, 2017 · 1 comment

@randall77
Contributor

commented Nov 13, 2017

```go
package main

type I interface {
	foo()
}

func main() {
	var i I // nil interface value
	i.foo() // method call through the nil interface
}
```

When I run it, I get:

```
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x18 pc=0x104b332]

goroutine 1 [running]:
main.main()
	/Users/khr/gowork/tmp1.go:9 +0x22
exit status 2
```

Note the faulting address is 0x18. That's the offset of runtime.itab.fun[0]. The code is trying to load the function pointer from a nil itab pointer.
There's a subtle bug here - if an interface has lots of methods, that offset is potentially large enough to not fault when loading from the nil itab. We'll then jump to arbitrary code.

It's even potentially a security risk. I'm not too worried, though, as it requires an interface with >~ pagesize/ptrsize = 512 methods to even present that attack surface.

We do the right thing for methods that we go or defer, see CL 23820. I think we just need to do the nil check for everything. It should be easy to optimize out in the common case.

First reported on golang-nuts: https://groups.google.com/forum/#!topic/golang-nuts/MCBYxlaD-08

@cherrymui
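
Added example, not part of the issue or of the Go project's code: the offset arithmetic behind the report, showing which method slot of a nil itab first falls outside the zero page, plus a check that a nil interface call panics. `itabMirror`, `slotOffset`, `firstUnguardedSlot` and `callNil` are hypothetical names; the struct layout is assumed from the 0x18 offset quoted above, and the 4096-byte page from the issue's pagesize/ptrsize = 512 on a 64-bit target.

```go
package main

import (
	"fmt"
	"unsafe"
)

// itabMirror copies the field layout of runtime.itab that matches the 0x18
// offset quoted in the issue (an assumption: the layout varies by Go release).
type itabMirror struct {
	inter, typ unsafe.Pointer
	hash       uint32
	_          [4]byte
	fun        [1]uintptr // method table, one slot per interface method
}

const ptrSize = unsafe.Sizeof(uintptr(0))
var funOffset = unsafe.Offsetof(itabMirror{}.fun)

// slotOffset is the address read when method k is called through a nil itab.
func slotOffset(k uintptr) uintptr { return funOffset + k*ptrSize }

// firstUnguardedSlot returns the lowest method index whose slot is at or past guard.
func firstUnguardedSlot(guard uintptr) uintptr {
	if guard <= funOffset {
		return 0
	}
	return (guard - funOffset + ptrSize - 1) / ptrSize
}

type I interface{ foo() }

// callNil calls a method on a nil interface and returns the recovered panic.
func callNil() (err error) {
	defer func() {
		if r := recover(); r != nil {
			err, _ = r.(error)
		}
	}()
	var i I
	i.foo()
	return nil
}

func main() {
	fmt.Printf("fun[0] offset: %#x\n", slotOffset(0))
	fmt.Printf("first slot past a 4096-byte zero page: %d\n", firstUnguardedSlot(4096))
	fmt.Println("nil call:", callNil())
}
```

Slots below the returned index are covered by the hardware fault alone; slots at or above it depend on the explicit nil check the issue asks for.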

@bradfitz bradfitz added the NeedsFix label Nov 14, 2017

@bradfitz bradfitz added this to the Go1.10 milestone Nov 14, 2017

@gopherbot


commented Nov 14, 2017

Change https://golang.org/cl/77450 mentions this issue: cmd/compile: always nil check before interface call

@gopherbot gopherbot closed this in fa1f52c Nov 14, 2017

@golang golang locked and limited conversation to collaborators Nov 14, 2018
