|author||Jason A. Donenfeld <Jason@zx2c4.com>||Mon Dec 13 22:07:04 2021 +0100|
|committer||Jason Donenfeld <Jason@zx2c4.com>||Mon Dec 13 22:30:07 2021 +0000|
windows: allocate attribute list with LocalAlloc, not individual items We didn't want to wind up with Go pointers mangled by win32, so we were previously copying the contents into a LocalAlloc'd blob, and then adding that to the attribute list. The problem is that recent changes to the API broke this design convention, to the point where it expects 0x18 byte objects to be added using size 0x8. This seems like an unfortunate oversight from Microsoft, but there's nothing we can do about it. So we can work around it by instead LocalAlloc'ing the actual container, and then using the exact pointer value that's passed into Update. This commit also adds a test that both makes sure that these functions actually work, and provokes a UaF that's successfully caught, were you to comment out the line of this commit that reads `al.pointers = append(al.pointers, value)`. Fixes golang/go#50134. Change-Id: Ib73346d2d6ca3db601cd236596cefb564d9dc8f1 Reviewed-on: https://go-review.googlesource.com/c/sys/+/371276 Trust: Jason Donenfeld <Jason@zx2c4.com> Run-TryBot: Jason Donenfeld <Jason@zx2c4.com> TryBot-Result: Gopher Robot <firstname.lastname@example.org> Reviewed-by: Patrik Nyblom <email@example.com> Trust: Patrik Nyblom <firstname.lastname@example.org> Run-TryBot: Patrik Nyblom <email@example.com>
This repository holds supplemental Go packages for low-level interactions with the operating system.
The easiest way to install is to run
go get -u golang.org/x/sys. You can also manually git clone the repository to
This repository uses Gerrit for code changes. To learn how to submit changes to this repository, see https://golang.org/doc/contribute.html.
The main issue tracker for the sys repository is located at https://github.com/golang/go/issues. Prefix your issue with “x/sys:” in the subject line, so it is easy to find.