database/sql: clone data for named []byte types

Previously named byte types like json.RawMessage could get dirty database memory from a call to Scan. These types would activate a code path that didn't clone the byte data coming from the database before assigning it. Another thread could then overwrite the byte array in src, which has unexpected consequences. Originally reported by Jason Moiron; the patch and test are his suggestions. Fixes #13905. Change-Id: Iacfef61cbc9dd51c8fccef9b2b9d9544c77dd0e0 Reviewed-on: https://go-review.googlesource.com/22393Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>

database/sql: clone data for named []byte types
Previously named byte types like json.RawMessage could get dirty database memory from a call to Scan. These types would activate a code path that didn't clone the byte data coming from the database before assigning it. Another thread could then overwrite the byte array in src, which has unexpected consequences. Originally reported by Jason Moiron; the patch and test are his suggestions. Fixes #13905. Change-Id: Iacfef61cbc9dd51c8fccef9b2b9d9544c77dd0e0 Reviewed-on: https://go-review.googlesource.com/22393Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
4e0cd1ee · Kevin Burke · Brad Fitzpatrick · a20fd1f6 · 4e0cd1ee · 4e0cd1ee
Commit 4e0cd1ee authored Apr 23, 2016 by Kevin Burke Committed by Brad Fitzpatrick Apr 30, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 18 additions and 1 deletion

convert.go src/database/sql/convert.go +6 -1

convert_test.go src/database/sql/convert_test.go +12 -0

No files found.
--- a/src/database/sql/convert.go
+++ b/src/database/sql/convert.go
@@ -217,7 +217,12 @@ func convertAssign(dest, src interface{}) error {

 	dv := reflect.Indirect(dpv)
 	if sv.IsValid() && sv.Type().AssignableTo(dv.Type()) {
-		dv.Set(sv)
+		switch b := src.(type) {
+		case []byte:
+			dv.Set(reflect.ValueOf(cloneBytes(b)))
+		default:
+			dv.Set(sv)
+		}
 		return nil
 	}


--- a/src/database/sql/convert_test.go
+++ b/src/database/sql/convert_test.go
@@ -377,3 +377,15 @@ func TestRawBytesAllocs(t *testing.T) {
 		t.Fatalf("allocs = %v; want max 1", n)
 	}
 }
+
+// https://github.com/golang/go/issues/13905
+func TestUserDefinedBytes(t *testing.T) {
+	type userDefinedBytes []byte
+	var u userDefinedBytes
+	v := []byte("foo")
+
+	convertAssign(&u, v)
+	if &u[0] == &v[0] {
+		t.Fatal("userDefinedBytes got potentially dirty driver memory")
+	}
+}