Previously, the compiler failed to unwrap pointers contained within
a no-op interface conversion leading to an incorrect determination
of a non-overlapping move.
To prevent unsafe move operations, the compiler will now unwrap all
such conversions before considering a move non-overlapping.
Thank you to Jakub Ciolek - https://ciolek.dev/ for reporting this issue.
This is CVE-2026-27144 and Go issue https://go.dev/issue/78371.
This is a PRIVATE issue for CVE-2026-27144, tracked in http://b/490151411 and fixed by https://go-internal-review.git.corp.google.com/c/go/+/3780.
/cc @golang/security and @golang/release
Previously, the compiler failed to unwrap pointers contained within
a no-op interface conversion leading to an incorrect determination
of a non-overlapping move.
To prevent unsafe move operations, the compiler will now unwrap all
such conversions before considering a move non-overlapping.
Thank you to Jakub Ciolek - https://ciolek.dev/ for reporting this issue.
This is CVE-2026-27144 and Go issue https://go.dev/issue/78371.
This is a PRIVATE issue for CVE-2026-27144, tracked in http://b/490151411 and fixed by https://go-internal-review.git.corp.google.com/c/go/+/3780.
/cc @golang/security and @golang/release