runtime: fix gcDumpObject on non-heap pointers

gcDumpObject is used to print the source and destination objects when checkmark find a missing mark. However, gcDumpObject currently assumes the given pointer will point to a heap object. This is not true of the source object during root marking and may not even be true of the destination object in the limited situations where the heap points back in to the stack. If the pointer isn't a heap object, gcDumpObject will attempt an out-of-bounds access to h_spans. This will cause a panicslice, which will attempt to construct a useful panic message. This will cause a string allocation, which will lead mallocgc to panic because the GC is in mark termination (checkmark only happens during mark termination). Fix this by checking that the pointer points into the heap arena before attempting to use it as an arena pointer. Change-Id: I09da600c380d4773f1f8f38e45b82cb229ea6382 Reviewed-on: https://go-review.googlesource.com/9498Reviewed-by: Rick Hudson <rlh@golang.org>

runtime: fix gcDumpObject on non-heap pointers
gcDumpObject is used to print the source and destination objects when checkmark find a missing mark. However, gcDumpObject currently assumes the given pointer will point to a heap object. This is not true of the source object during root marking and may not even be true of the destination object in the limited situations where the heap points back in to the stack. If the pointer isn't a heap object, gcDumpObject will attempt an out-of-bounds access to h_spans. This will cause a panicslice, which will attempt to construct a useful panic message. This will cause a string allocation, which will lead mallocgc to panic because the GC is in mark termination (checkmark only happens during mark termination). Fix this by checking that the pointer points into the heap arena before attempting to use it as an arena pointer. Change-Id: I09da600c380d4773f1f8f38e45b82cb229ea6382 Reviewed-on: https://go-review.googlesource.com/9498Reviewed-by: Rick Hudson <rlh@golang.org>
3ca20218 · Austin Clements · cfb8b18e · 3ca20218
Commit 3ca20218 authored Apr 29, 2015 by Austin Clements
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 0 deletions

mgcmark.go src/runtime/mgcmark.go +4 -0

No files found.
--- a/src/runtime/mgcmark.go
+++ b/src/runtime/mgcmark.go
@@ -719,6 +719,10 @@ func greyobject(obj, base, off uintptr, hbits heapBits, span *mspan, gcw *gcWork
 // gcDumpObject dumps the contents of obj for debugging and marks the
 // field at byte offset off in obj.
 func gcDumpObject(label string, obj, off uintptr) {
+	if obj < mheap_.arena_start || obj >= mheap_.arena_used {
+		print(label, "=", hex(obj), " is not a heap object\n")
+		return
+	}
 	k := obj >> _PageShift
 	x := k
 	x -= mheap_.arena_start >> _PageShift