windows: ensure SECURITY_DESCRIPTOR allocation is large enough

Self-relative security descriptors can sometimes be smaller than the
header size of the SECURITY_DESCRIPTOR struct, which is fine in C, but
checkptr complains about it, so instead, ensure that the allocation is
at least the size of the SECURITY_DESCRIPTOR struct.

This fixes this splat:

fatal error: checkptr: converted pointer straddles multiple allocations

goroutine 36 [running]:
runtime.throw(0x761c5f, 0x3a)
        /usr/lib/go/src/runtime/panic.go:1117 +0x79 fp=0xc00005dd90 sp=0xc00005dd60 pc=0x5fb8d9
runtime.checkptrAlignment(0xc0001a4020, 0x741860, 0x1)
        /usr/lib/go/src/runtime/checkptr.go:20 +0xc9 fp=0xc00005ddc0 sp=0xc00005dd90 pc=0x5c7729*SECURITY_DESCRIPTOR).copySelfRelativeSecurityDescriptor(0x1b9ad638190, 0x2)
        /home/zx2c4/Projects/golang-dev/sys/windows/security_windows.go:1359 +0x1b7 fp=0xc00005de50 sp=0xc00005ddc0 pc=0x6f0077, 0x2, 0x0, 0x0, 0x0)
        /home/zx2c4/Projects/golang-dev/sys/windows/security_windows.go:1371 +0xde fp=0xc00005deb8 sp=0xc00005de50 pc=0x6f019e

Change-Id: I552017a93d4ca6f6debc6f8f445dac5c6717fed1
Trust: Jason A. Donenfeld <>
Trust: Josh Bleecher Snyder <>
Run-TryBot: Jason A. Donenfeld <>
TryBot-Result: Go Bot <>
Reviewed-by: Josh Bleecher Snyder <>
diff --git a/windows/security_windows.go b/windows/security_windows.go
index dd68372..111c10d 100644
--- a/windows/security_windows.go
+++ b/windows/security_windows.go
@@ -1334,7 +1334,11 @@
 func (selfRelativeSD *SECURITY_DESCRIPTOR) copySelfRelativeSecurityDescriptor() *SECURITY_DESCRIPTOR {
-	sdLen := (int)(selfRelativeSD.Length())
+	sdLen := int(selfRelativeSD.Length())
+	const min = int(unsafe.Sizeof(SECURITY_DESCRIPTOR{}))
+	if sdLen < min {
+		sdLen = min
+	}
 	var src []byte
 	h := (*unsafeheader.Slice)(unsafe.Pointer(&src))