Stowage/go
2
0
Fork 0
mirror of https://github.com/golang/go.git synced 2025-10-19 11:03:18 +00:00
Code Issues Projects Releases Packages Wiki Activity
go/src
History
Filippo Valsorda b4a333fea5 crypto/internal/fips140/bigmod: explicitly clear expanded limbs on reset 
Russ Cox noticed that reset was clearing limbs up to the *previous* Nat
size, not up to the new size, because clear(x.limbs) was happening
before the x.limbs[:n] reslice.

That's potentially a severe issue, because it may leave garbage in
x.limbs[len(x.limbs):n] if n < cap(x.limbs).

We were saved by an accidental invariant caused by the bug itself,
though: x.limbs[len(x.limbs):cap(x.limbs)] are always zero.

reset was always clearing all exposed (and hence potentially non-zero)
limbs before shrinking the Nat, and the only other function that could
shrink the Nat was trim, which only trims zero limbs.

Near miss.

Preserve the accidental invariant in the fix, because memclr is cheap
and it just proved it can save us from potential mistakes.

Change-Id: I6a6a4656a77735d8e8d520c699c4d85dd33ce497
Reviewed-on: https://go-review.googlesource.com/c/go/+/655056
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Junyang Shao <shaojunyang@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
2025-03-07 11:32:59 -08:00
..
archive archive/zip: preallocate fileList size for Reader.Open 2025-03-07 11:31:30 -08:00
arena
bufio bufio: skip network test if unixpacket socket not supported 2025-02-07 11:37:07 -08:00
builtin builtin: use list instead of indentation for comments in cap, len, and make 2024-12-30 15:59:23 -08:00
bytes bytes,strings: remove redundant return statement for Lines 2025-02-19 10:22:08 -08:00
cmd go/types,types2: allocate the used* maps in initFiles 2025-03-07 10:54:49 -08:00
cmp cmd/compile: remove redundant calls to cmpstring 2024-04-19 16:31:02 +00:00
compress compress/lzw,compress/gzip,compress/flate,compress/zlib,compress/bzip2: go doc links 2025-03-06 08:21:08 -08:00
container container/heap: remove confusing claim of memory leak 2024-01-31 20:27:36 +00:00
context context: skip allocs test with -asan 2025-03-04 16:37:03 -08:00
crypto crypto/internal/fips140/bigmod: explicitly clear expanded limbs on reset 2025-03-07 11:32:59 -08:00
database/sql database/sql: use t.Context in tests 2025-02-10 12:34:55 -08:00
debug debug/buildinfo: base64-encode test binaries 2025-02-20 14:20:00 -08:00
embed embed: document exclusions more explicitly 2024-12-05 17:20:19 +00:00
encoding encoding/pem: clarify Decode only works on lines 2025-03-05 07:57:03 -08:00
errors errors: reference Go 1.13 article about errors 2024-09-30 17:37:38 +00:00
expvar all: make use of sync.Map.Clear 2024-04-26 21:32:11 +00:00
flag flag: replace interface{} -> any for textValue.Get method 2025-02-28 08:43:46 -08:00
fmt fmt, strconv: document that exponent is always two digits 2024-12-17 07:54:13 -08:00
go go/types,types2: allocate the used* maps in initFiles 2025-03-07 10:54:49 -08:00
hash hash/maphash, cmd/compile: make Comparable[string] not escape its argument 2024-12-02 21:27:06 +00:00
html html/template: example for disallowed script type change 2025-03-05 12:18:08 -08:00
image internal/byteorder: use canonical Go casing in names 2024-11-20 20:59:28 +00:00
index/suffixarray all: change from sort functions to slices functions where feasible 2024-05-23 01:00:11 +00:00
internal go/types, types2: use errorCause instead of reportf in comparableType 2025-03-06 13:40:58 -08:00
io std: add //go:fix inline directives to some deprecated functions 2025-02-15 08:06:58 -08:00
iter iter: improve documentation with iterator example 2024-12-27 05:44:33 -08:00
log all: use a more straightforward return value 2025-02-18 09:28:50 -08:00
maps all: fix some function names and typos in comment 2024-11-21 22:16:20 +00:00
math math/big: avoid negative slice size in nat.rem 2025-03-06 08:08:34 -08:00
mime mime/quotedprintable: accept LWSP-char after = 2025-03-04 05:00:10 -08:00
net net: add comment about blocking to Conn.Close 2025-03-06 15:35:06 -08:00
os os: add missing calls to Root.Close() in tests 2025-03-06 10:29:01 -08:00
path path/filepath: use RtlIsDosDeviceName_U to detect Windows devices 2025-02-19 09:41:00 -08:00
plugin plugin: include a warning about race detector compatability in docs 2024-08-09 19:50:41 +00:00
reflect reflect: add more tests for Type.{CanSeq,CanSeq2} 2025-02-28 11:09:39 -08:00
regexp all: omit unnecessary 0 in slice expression 2024-09-03 20:55:15 +00:00
runtime cmd/compile: remove no-longer-necessary recursive inlining checks 2025-03-06 10:07:17 -08:00
slices slices: document two oddities 2024-12-21 08:22:08 -08:00
sort sort: add examples for SearchStrings, SliceIsSorted 2024-12-03 17:07:42 +00:00
strconv strconv: use builtin min function in commonPrefixLenIgnoreCase 2025-02-24 17:38:00 -08:00
strings bytes,strings: remove redundant return statement for Lines 2025-02-19 10:22:08 -08:00
structs cmd/compile: add structs.HostLayout 2024-05-20 21:19:39 +00:00
sync sync: document behavior of Map.Delete when key is not present 2025-03-05 03:28:07 -08:00
syscall runtime: in asan mode call __lsan_do_leak_check when exiting 2025-03-05 18:23:46 -08:00
testdata
testing testing: modify got,want equal comparison for unordered example output 2025-03-05 07:44:41 -08:00
text text/template: add an if func example 2025-03-07 11:32:13 -08:00
time internal/synctest: new package for testing concurrent code 2024-11-19 19:40:40 +00:00
unicode unicode/utf8: use builtin max function to simplify code 2025-02-25 10:16:36 -08:00
unique unique: use runtime.AddCleanup instead of runtime.SetFinalizer 2025-02-24 09:11:32 -08:00
unsafe unsafe: say "functions like syscall.Syscall", not only Syscall 2024-07-11 23:38:31 +00:00
vendor all: update golang.org/x/net 2025-03-04 13:19:15 -08:00
weak weak: test the use of runtime.AddCleanup 2025-02-25 08:44:32 -08:00
all.bash all.bash: allow spaces in $GOTOOLDIR to print build info 2024-03-11 19:53:58 +00:00
all.bat {all,clean,make,race,run}.bat: simplify error handling 2025-02-11 09:45:10 -08:00
all.rc
bootstrap.bash
buildall.bash src/buildall.bash: use grep -E instead of egrep 2024-04-23 17:45:23 +00:00
clean.bash
clean.bat {all,clean,make,race,run}.bat: simplify error handling 2025-02-11 09:45:10 -08:00
clean.rc
cmp.bash cmp.bash: fix comment grammar 2023-07-20 18:03:31 +00:00
go.mod all: update golang.org/x/net 2025-03-04 13:19:15 -08:00
go.sum all: update golang.org/x/net 2025-03-04 13:19:15 -08:00
make.bash cmd/dist: require Go 1.22.6 as minimum bootstrap toolchain 2024-08-20 17:52:42 +00:00
make.bat make.bat,race.bat: simplify --dist-tool handling 2025-02-11 23:09:26 -08:00
Make.dist
make.rc make.rc: correct test for undefined GOROOT_BOOTSTRAP 2024-11-14 18:02:59 +00:00
race.bash
race.bat make.bat,race.bat: simplify --dist-tool handling 2025-02-11 23:09:26 -08:00
README.vendor README.vendor: add note about GOROOT, recommend fresh go 2024-09-30 19:15:39 +00:00
run.bash run.bash: rm bumping open files soft limit 2024-05-15 15:02:23 +00:00
run.bat {all,clean,make,race,run}.bat: simplify error handling 2025-02-11 09:45:10 -08:00
run.rc

README.vendor 

Vendoring in std and cmd
========================

The Go command maintains copies of external packages needed by the
standard library in the src/vendor and src/cmd/vendor directories.

There are two modules, std and cmd, defined in src/go.mod and
src/cmd/go.mod. When a package outside std or cmd is imported
by a package inside std or cmd, the import path is interpreted
as if it had a "vendor/" prefix. For example, within "crypto/tls",
an import of "golang.org/x/crypto/cryptobyte" resolves to
"vendor/golang.org/x/crypto/cryptobyte". When a package with the
same path is imported from a package outside std or cmd, it will
be resolved normally. Consequently, a binary may be built with two
copies of a package at different versions if the package is
imported normally and vendored by the standard library.

Vendored packages are internally renamed with a "vendor/" prefix
to preserve the invariant that all packages have distinct paths.
This is necessary to avoid compiler and linker conflicts. Adding
a "vendor/" prefix also maintains the invariant that standard
library packages begin with a dotless path element.

The module requirements of std and cmd do not influence version
selection in other modules. They are only considered when running
module commands like 'go get' and 'go mod vendor' from a directory
in GOROOT/src.

Maintaining vendor directories
==============================

Before updating vendor directories, ensure that module mode is enabled.
Make sure that GO111MODULE is not set in the environment, or that it is
set to 'on' or 'auto', and if you use a go.work file, set GOWORK=off.

Also, ensure that 'go env GOROOT' shows the root of this Go source
tree. Otherwise, the results are undefined. It's recommended to build
Go from source and use that 'go' binary to update its source tree.

Requirements may be added, updated, and removed with 'go get'.
The vendor directory may be updated with 'go mod vendor'.
A typical sequence might be:

    cd src  # or src/cmd
    go get golang.org/x/net@master
    go mod tidy
    go mod vendor

Use caution when passing '-u' to 'go get'. The '-u' flag updates
modules providing all transitively imported packages, not only
the module providing the target package.

Note that 'go mod vendor' only copies packages that are transitively
imported by packages in the current module. If a new package is needed,
it should be imported before running 'go mod vendor'.