| // Copyright 2019 The Go Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style |
| // license that can be found in the LICENSE file. |
| |
| package runtime |
| |
| import "unsafe" |
| |
| func checkptrAlignment(p unsafe.Pointer, elem *_type, n uintptr) { |
| // nil pointer is always suitably aligned (#47430). |
| if p == nil { |
| return |
| } |
| |
| // Check that (*[n]elem)(p) is appropriately aligned. |
| // Note that we allow unaligned pointers if the types they point to contain |
| // no pointers themselves. See issue 37298. |
| // TODO(mdempsky): What about fieldAlign? |
| if elem.PtrBytes != 0 && uintptr(p)&(uintptr(elem.Align_)-1) != 0 { |
| throw("checkptr: misaligned pointer conversion") |
| } |
| |
| // Check that (*[n]elem)(p) doesn't straddle multiple heap objects. |
| // TODO(mdempsky): Fix #46938 so we don't need to worry about overflow here. |
| if checkptrStraddles(p, n*elem.Size_) { |
| throw("checkptr: converted pointer straddles multiple allocations") |
| } |
| } |
| |
| // checkptrStraddles reports whether the first size-bytes of memory |
| // addressed by ptr is known to straddle more than one Go allocation. |
| func checkptrStraddles(ptr unsafe.Pointer, size uintptr) bool { |
| if size <= 1 { |
| return false |
| } |
| |
| // Check that add(ptr, size-1) won't overflow. This avoids the risk |
| // of producing an illegal pointer value (assuming ptr is legal). |
| if uintptr(ptr) >= -(size - 1) { |
| return true |
| } |
| end := add(ptr, size-1) |
| |
| // TODO(mdempsky): Detect when [ptr, end] contains Go allocations, |
| // but neither ptr nor end point into one themselves. |
| |
| return checkptrBase(ptr) != checkptrBase(end) |
| } |
| |
| func checkptrArithmetic(p unsafe.Pointer, originals []unsafe.Pointer) { |
| if 0 < uintptr(p) && uintptr(p) < minLegalPointer { |
| throw("checkptr: pointer arithmetic computed bad pointer value") |
| } |
| |
| // Check that if the computed pointer p points into a heap |
| // object, then one of the original pointers must have pointed |
| // into the same object. |
| base := checkptrBase(p) |
| if base == 0 { |
| return |
| } |
| |
| for _, original := range originals { |
| if base == checkptrBase(original) { |
| return |
| } |
| } |
| |
| throw("checkptr: pointer arithmetic result points to invalid allocation") |
| } |
| |
| // checkptrBase returns the base address for the allocation containing |
| // the address p. |
| // |
| // Importantly, if p1 and p2 point into the same variable, then |
| // checkptrBase(p1) == checkptrBase(p2). However, the converse/inverse |
| // is not necessarily true as allocations can have trailing padding, |
| // and multiple variables may be packed into a single allocation. |
| func checkptrBase(p unsafe.Pointer) uintptr { |
| // stack |
| if gp := getg(); gp.stack.lo <= uintptr(p) && uintptr(p) < gp.stack.hi { |
| // TODO(mdempsky): Walk the stack to identify the |
| // specific stack frame or even stack object that p |
| // points into. |
| // |
| // In the mean time, use "1" as a pseudo-address to |
| // represent the stack. This is an invalid address on |
| // all platforms, so it's guaranteed to be distinct |
| // from any of the addresses we might return below. |
| return 1 |
| } |
| |
| // heap (must check after stack because of #35068) |
| if base, _, _ := findObject(uintptr(p), 0, 0); base != 0 { |
| return base |
| } |
| |
| // data or bss |
| for _, datap := range activeModules() { |
| if datap.data <= uintptr(p) && uintptr(p) < datap.edata { |
| return datap.data |
| } |
| if datap.bss <= uintptr(p) && uintptr(p) < datap.ebss { |
| return datap.bss |
| } |
| } |
| |
| return 0 |
| } |