e22c0bff94
The download driver code loops through the downloaded_data buffer but doesn't ensure that it always passes a valid pointer to the Go side. In particular, if the malloc'd memory ends against an unmapped page, and the test passes a pointer one past the end of the memory region, and since the Go side always dereferences the pointer when creating a slice, it will attempt to read unmapped memory, causing a segfault. This bug doesn't always present. Indeed, it depends on the details of your system's memory allocator. I validated that this could be a cause of observed crashes on OS X by using mmap and mprotect to do the allocations ensuring that the page directly after the memory we use was unmapped/protected. The crash happened exactly as seen, and was fixed by changing this condition in the while loop. Change-Id: I685dac07ff9b904097375dbf850f387450858753 |
||
|---|---|---|
| .. | ||
| uplink | ||
| uplinkc | ||