debug/buildinfo: timeout in Read

[catenacyber]

What version of Go are you using (go version)?

$ go version
go version go1.17.6 darwin/amd64

Does this issue reproduce with the latest release?

Yes

What operating system and processor architecture are you using (go env)?

go env Output

$ go env
GO111MODULE=""
GOARCH="amd64"
GOBIN=""
GOCACHE="/Users/catena/Library/Caches/go-build"
GOENV="/Users/catena/Library/Application Support/go/env"
GOEXE=""
GOEXPERIMENT=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="darwin"
GOINSECURE=""
GOMODCACHE="/Users/catena/go/pkg/mod"
GONOPROXY=""
GONOSUMDB=""
GOOS="darwin"
GOPATH="/Users/catena/go"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/usr/local/go"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/usr/local/go/pkg/tool/darwin_amd64"
GOVCS=""
GOVERSION="go1.17.6"
GCCGO="gccgo"
AR="ar"
CC="clang"
CXX="clang++"
CGO_ENABLED="1"
GOMOD="/Users/catena/go/src/github.com/catenacyber/go/src/go.mod"
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -arch x86_64 -m64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -fdebug-prefix-map=/var/folders/pp/dc1dtf9x2js3v0jx_m010nqr0000gn/T/go-build4237848497=/tmp/go-build -gno-record-gcc-switches -fno-common"
GOROOT/bin/go version: go version go1.17.6 darwin/amd64
GOROOT/bin/go tool compile -V: compile version go1.17.6
uname -v: Darwin Kernel Version 21.3.0: Wed Jan  5 21:37:58 PST 2022; root:xnu-8019.80.24~20/RELEASE_X86_64
ProductName:    macOS
ProductVersion: 12.2.1
BuildVersion:   21D62
lldb --version: lldb-1316.0.9.41
Apple Swift version 5.6 (swiftlang-5.6.0.323.62 clang-1316.0.20.8)
gdb --version: GNU gdb (GDB) 9.1

What did you do?

Run https://go.dev/play/p/IZmSLdUzIaS?v=gotip

What did you expect to see?

The program finishing and printing Hello

What did you see instead?

timeout running program

Program exited.

Found by https://github.com/catenacyber/ngolo-fuzzing on oss-fuzz https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51153

[gopherbot]

Change https://go.dev/cl/429815 mentions this issue: debug/buildinfo: correct a typo in calculating next align index

[mknyszek]

CC @golang/compiler

[ZekeLu]

it timeout on the playground because the for loop below never exits.

The value of i on line 159 is 1, and the result of i+buildInfoAlign-1)&^buildInfoAlign on line 167 is 0. So on line 167 the data slice is not changed. Then it enters the next loop with the same data slice. So the loop never exits.

The purpose of line 167 is data = data[n:] where n is the smallest number that fulfills n >= i && n % buildInfoAlign == 0 (namely, n should be 16, 32, 48, ...).

It's obviously there is a typo. The expression should be: data = data[(i+buildInfoAlign-1)&^(buildInfoAlign-1):]

https://github.com/golang/go/blob/54182ff54a687272dd7632c3a963e036ce03cb7c/src/debug/buildinfo/buildinfo.go#L154-L168

---

Here are other places that use the same pattern:

https://github.com/golang/go/blob/54182ff54a687272dd7632c3a963e036ce03cb7c/src/cmd/cgo/gcc.go#L2995-L2996

https://github.com/golang/go/blob/54182ff54a687272dd7632c3a963e036ce03cb7c/src/cmd/compile/internal/ssa/writebarrier.go#L538-L541

https://github.com/golang/go/blob/54182ff54a687272dd7632c3a963e036ce03cb7c/src/runtime/stubs.go#L411-L414

https://github.com/golang/go/blob/54182ff54a687272dd7632c3a963e036ce03cb7c/src/cmd/internal/buildid/note.go#L153

[mdempsky]

Thanks @ZekeLu for the detailed assessment.

I agree that it appears to be a typo and the correct statement is data = data[(i+buildInfoAlign-1)&^(buildInfoAlign-1):].