diff options
Diffstat (limited to 'test')
| -rw-r--r-- | test/golden.out | 66 | ||||
| -rw-r--r-- | test/nilptr/arrayindex.go (renamed from test/bugs/bug162.go) | 2 | ||||
| -rw-r--r-- | test/nilptr/arrayindex1.go | 30 | ||||
| -rw-r--r-- | test/nilptr/arraytoslice.go | 35 | ||||
| -rw-r--r-- | test/nilptr/arraytoslice1.go | 32 | ||||
| -rw-r--r-- | test/nilptr/arraytoslice2.go | 33 | ||||
| -rw-r--r-- | test/nilptr/slicearray.go | 31 | ||||
| -rw-r--r-- | test/nilptr/structfield.go | 33 | ||||
| -rw-r--r-- | test/nilptr/structfield1.go | 36 | ||||
| -rw-r--r-- | test/nilptr/structfield2.go | 35 | ||||
| -rw-r--r-- | test/nilptr/structfieldaddr.go | 33 | ||||
| -rwxr-xr-x | test/run | 2 |
12 files changed, 362 insertions, 6 deletions
diff --git a/test/golden.out b/test/golden.out index 2f21c1d20..79c2990bb 100644 --- a/test/golden.out +++ b/test/golden.out @@ -92,6 +92,68 @@ throw: interface conversion panic PC=xxx +== nilptr/ + +=========== nilptr/arrayindex.go +SIGSEGV: segmentation violation +Faulting address: 0x0 +pc: xxx + + +=========== nilptr/arrayindex1.go +SIGSEGV: segmentation violation +Faulting address: 0x0 +pc: xxx + + +=========== nilptr/arraytoslice.go +SIGSEGV: segmentation violation +Faulting address: 0x0 +pc: xxx + + +=========== nilptr/arraytoslice1.go +SIGSEGV: segmentation violation +Faulting address: 0x0 +pc: xxx + + +=========== nilptr/arraytoslice2.go +SIGSEGV: segmentation violation +Faulting address: 0x0 +pc: xxx + + +=========== nilptr/slicearray.go +SIGSEGV: segmentation violation +Faulting address: 0xa +pc: xxx + + +=========== nilptr/structfield.go +SIGSEGV: segmentation violation +Faulting address: 0x0 +pc: xxx + + +=========== nilptr/structfield1.go +SIGSEGV: segmentation violation +Faulting address: 0x0 +pc: xxx + + +=========== nilptr/structfield2.go +SIGSEGV: segmentation violation +Faulting address: 0x0 +pc: xxx + + +=========== nilptr/structfieldaddr.go +SIGSEGV: segmentation violation +Faulting address: 0x0 +pc: xxx + + == fixedbugs/ =========== fixedbugs/bug016.go @@ -140,9 +202,5 @@ panic PC=xxx == bugs/ -=========== bugs/bug162.go -123 -BUG: should fail - =========== bugs/bug193.go BUG: errchk: bugs/bug193.go:14: missing expected error: 'shift' diff --git a/test/bugs/bug162.go b/test/nilptr/arrayindex.go index 717f1f0a4..0bc6bf4a8 100644 --- a/test/bugs/bug162.go +++ b/test/nilptr/arrayindex.go @@ -21,5 +21,5 @@ func main() { // Pointer offsets and array indices, if they are // very large, need to dereference the base pointer // to trigger a trap. - println(p[uintptr(unsafe.Pointer(&x))]); + println(p[uintptr(unsafe.Pointer(&x))]); // should crash } diff --git a/test/nilptr/arrayindex1.go b/test/nilptr/arrayindex1.go new file mode 100644 index 000000000..ac72b789d --- /dev/null +++ b/test/nilptr/arrayindex1.go @@ -0,0 +1,30 @@ +// $G $D/$F.go && $L $F.$A && (! ./$A.out || echo BUG: should fail) + +// Copyright 2009 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package main + +import "unsafe" + +var dummy [512<<20]byte; // give us a big address space +func main() { + // the test only tests what we intend to test + // if dummy starts in the first 256 MB of memory. + // otherwise there might not be anything mapped + // at the address that might be accidentally + // dereferenced below. + if uintptr(unsafe.Pointer(&dummy)) > 256<<20 { + panic("dummy too far out"); + } + + // The problem here is that indexing into p[] with a large + // enough index jumps out of the unmapped section + // at the beginning of memory and into valid memory. + // Pointer offsets and array indices, if they are + // very large, need to dereference the base pointer + // to trigger a trap. + var p *[1<<30]byte = nil; + println(p[256<<20]); // very likely to be inside dummy, but should crash +} diff --git a/test/nilptr/arraytoslice.go b/test/nilptr/arraytoslice.go new file mode 100644 index 000000000..07ecfe01f --- /dev/null +++ b/test/nilptr/arraytoslice.go @@ -0,0 +1,35 @@ +// $G $D/$F.go && $L $F.$A && (! ./$A.out || echo BUG: should fail) + +// Copyright 2009 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package main + +import "unsafe" + +func f([]byte) { + panic("unreachable"); +} + +var dummy [512<<20]byte; // give us a big address space +func main() { + // the test only tests what we intend to test + // if dummy starts in the first 256 MB of memory. + // otherwise there might not be anything mapped + // at the address that might be accidentally + // dereferenced below. + if uintptr(unsafe.Pointer(&dummy)) > 256<<20 { + panic("dummy too far out"); + } + + // The problem here is that indexing into p[] with a large + // enough index can jump out of the unmapped section + // at the beginning of memory and into valid memory. + // + // To avoid needing a check on every slice beyond the + // usual len and cap, we require the *array -> slice + // conversion to do the check. + var p *[1<<30]byte = nil; + f(p); // should crash +} diff --git a/test/nilptr/arraytoslice1.go b/test/nilptr/arraytoslice1.go new file mode 100644 index 000000000..78c0d8538 --- /dev/null +++ b/test/nilptr/arraytoslice1.go @@ -0,0 +1,32 @@ +// $G $D/$F.go && $L $F.$A && (! ./$A.out || echo BUG: should fail) + +// Copyright 2009 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package main + +import "unsafe" + +var dummy [512<<20]byte; // give us a big address space +func main() { + // the test only tests what we intend to test + // if dummy starts in the first 256 MB of memory. + // otherwise there might not be anything mapped + // at the address that might be accidentally + // dereferenced below. + if uintptr(unsafe.Pointer(&dummy)) > 256<<20 { + panic("dummy too far out"); + } + + // The problem here is that indexing into p[] with a large + // enough index can jump out of the unmapped section + // at the beginning of memory and into valid memory. + // + // To avoid needing a check on every slice beyond the + // usual len and cap, we require the *array -> slice + // conversion to do the check. + var p *[1<<30]byte = nil; + var x []byte = p; // should crash + _ = x; +} diff --git a/test/nilptr/arraytoslice2.go b/test/nilptr/arraytoslice2.go new file mode 100644 index 000000000..52a238eb2 --- /dev/null +++ b/test/nilptr/arraytoslice2.go @@ -0,0 +1,33 @@ +// $G $D/$F.go && $L $F.$A && (! ./$A.out || echo BUG: should fail) + +// Copyright 2009 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package main + +import "unsafe" + +var dummy [512<<20]byte; // give us a big address space +var q *[1<<30]byte; +func main() { + // the test only tests what we intend to test + // if dummy starts in the first 256 MB of memory. + // otherwise there might not be anything mapped + // at the address that might be accidentally + // dereferenced below. + if uintptr(unsafe.Pointer(&dummy)) > 256<<20 { + panic("dummy too far out"); + } + + // The problem here is that indexing into p[] with a large + // enough index can jump out of the unmapped section + // at the beginning of memory and into valid memory. + // + // To avoid needing a check on every slice beyond the + // usual len and cap, we require the *array -> slice + // conversion to do the check. + var x []byte; + var y = &x; + *y = q; // should crash (uses arraytoslice runtime routine) +} diff --git a/test/nilptr/slicearray.go b/test/nilptr/slicearray.go new file mode 100644 index 000000000..d1d2a25d9 --- /dev/null +++ b/test/nilptr/slicearray.go @@ -0,0 +1,31 @@ +// $G $D/$F.go && $L $F.$A && (! ./$A.out || echo BUG: should fail) + +// Copyright 2009 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package main + +import "unsafe" + +var dummy [512<<20]byte; // give us a big address space +func main() { + // the test only tests what we intend to test + // if dummy starts in the first 256 MB of memory. + // otherwise there might not be anything mapped + // at the address that might be accidentally + // dereferenced below. + if uintptr(unsafe.Pointer(&dummy)) > 256<<20 { + panic("dummy too far out"); + } + + // The problem here is that indexing into p[] with a large + // enough index can jump out of the unmapped section + // at the beginning of memory and into valid memory. + // + // To avoid needing a check on every slice beyond the + // usual len and cap, we require the slice operation + // to do the check. + var p *[1<<30]byte = nil; + var _ []byte = p[10:len(p)-10]; // should crash +} diff --git a/test/nilptr/structfield.go b/test/nilptr/structfield.go new file mode 100644 index 000000000..51da7a9a5 --- /dev/null +++ b/test/nilptr/structfield.go @@ -0,0 +1,33 @@ +// $G $D/$F.go && $L $F.$A && (! ./$A.out || echo BUG: should fail) + +// Copyright 2009 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package main + +import "unsafe" + +var dummy [512<<20]byte; // give us a big address space +type T struct { + x [256<<20] byte; + i int; +} + +func main() { + // the test only tests what we intend to test + // if dummy starts in the first 256 MB of memory. + // otherwise there might not be anything mapped + // at the address that might be accidentally + // dereferenced below. + if uintptr(unsafe.Pointer(&dummy)) > 256<<20 { + panic("dummy too far out"); + } + + // The problem here is that indexing into t with a large + // enough index can jump out of the unmapped section + // at the beginning of memory and into valid memory. + // We require the pointer dereference to check. + var t *T; + println(t.i); // should crash +} diff --git a/test/nilptr/structfield1.go b/test/nilptr/structfield1.go new file mode 100644 index 000000000..5390a643d --- /dev/null +++ b/test/nilptr/structfield1.go @@ -0,0 +1,36 @@ +// $G $D/$F.go && $L $F.$A && (! ./$A.out || echo BUG: should fail) + +// Copyright 2009 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package main + +import "unsafe" + +var dummy [512<<20]byte; // give us a big address space +type T struct { + x [256<<20] byte; + i int; +} + +func f() *T { + return nil; +} + +func main() { + // the test only tests what we intend to test + // if dummy starts in the first 256 MB of memory. + // otherwise there might not be anything mapped + // at the address that might be accidentally + // dereferenced below. + if uintptr(unsafe.Pointer(&dummy)) > 256<<20 { + panic("dummy too far out"); + } + + // The problem here is that indexing into t with a large + // enough index can jump out of the unmapped section + // at the beginning of memory and into valid memory. + // We require the pointer dereference to check. + println(f().i); // should crash +} diff --git a/test/nilptr/structfield2.go b/test/nilptr/structfield2.go new file mode 100644 index 000000000..f11e3df67 --- /dev/null +++ b/test/nilptr/structfield2.go @@ -0,0 +1,35 @@ +// $G $D/$F.go && $L $F.$A && (! ./$A.out || echo BUG: should fail) + +// Copyright 2009 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package main + +import "unsafe" + +var dummy [512<<20]byte; // give us a big address space +type T struct { + x [256<<20] byte; + i int; +} + +var y *T; +var x = &y; + +func main() { + // the test only tests what we intend to test + // if dummy starts in the first 256 MB of memory. + // otherwise there might not be anything mapped + // at the address that might be accidentally + // dereferenced below. + if uintptr(unsafe.Pointer(&dummy)) > 256<<20 { + panic("dummy too far out"); + } + + // The problem here is that indexing into t with a large + // enough index can jump out of the unmapped section + // at the beginning of memory and into valid memory. + // We require the pointer dereference to check. + println((*x).i); // should crash +} diff --git a/test/nilptr/structfieldaddr.go b/test/nilptr/structfieldaddr.go new file mode 100644 index 000000000..5ac5deeb6 --- /dev/null +++ b/test/nilptr/structfieldaddr.go @@ -0,0 +1,33 @@ +// $G $D/$F.go && $L $F.$A && (! ./$A.out || echo BUG: should fail) + +// Copyright 2009 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package main + +import "unsafe" + +var dummy [512<<20]byte; // give us a big address space +type T struct { + x [256<<20] byte; + i int; +} + +func main() { + // the test only tests what we intend to test + // if dummy starts in the first 256 MB of memory. + // otherwise there might not be anything mapped + // at the address that might be accidentally + // dereferenced below. + if uintptr(unsafe.Pointer(&dummy)) > 256<<20 { + panic("dummy too far out"); + } + + // The problem here is that indexing into t with a large + // enough index can jump out of the unmapped section + // at the beginning of memory and into valid memory. + // We require the address calculation to check. + var t *T; + println(&t.i); // should crash +} @@ -43,7 +43,7 @@ ulimit -v 4000000 true >pass.out >times.out -for dir in . ken chan interface fixedbugs bugs +for dir in . ken chan interface nilptr fixedbugs bugs do echo echo '==' $dir'/' |