microsoft / go-crypto-openssl

Go crypto backend for Linux using OpenSSL
MIT License

sha: fix use-after-free issue #55

Closed. qmuntal closed this 1 year ago.

qmuntal commented 1 year ago

There is a possible use-after-free issue in evpHash.WriteString and in evpHash.WriteByte. They both pass h.ctx to EVP_DigestUpdate without making sure h is still alive until the cgo call ends, i.e. using runtime.KeepAlive(h).

If the garbage collector chimes in at the right time, it will collect h, calling its finalizer, which frees h.ctx, likely producing an invalid access exception.

evpHash.WriteString and evpHash.WriteByte APIs were introduced during this development cycle, so the issue still hasn't hit production systems.
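The pattern the PR describes, as an added illustration that is not code from this PR or from go-crypto-openssl: a pure-Go model in which the C heap is replaced by a handle table so it runs without cgo or OpenSSL. The names cHeap, cNewCtx, cFree and cDigestUpdate are constructed stand-ins for C memory and EVP_DigestUpdate; the runtime.KeepAlive placement in WriteString and Sum is the fix the PR describes, and WriteByte routes through WriteString.

```go
package main
import (
	"crypto/sha256"
	"fmt"
	"hash"
	"runtime"
	"sync"
)

// Constructed stand-in for C memory: integer handles that the Go GC does not
// trace, like a real EVP_MD_CTX pointer reached through cgo.
var cHeap sync.Map // uintptr -> hash.Hash
var cNext uintptr  // advanced only from the Go side, never from a finalizer
func cNewCtx() uintptr { cNext++; cHeap.Store(cNext, sha256.New()); return cNext }
func cFree(ctx uintptr) { cHeap.Delete(ctx) }
// cDigestUpdate stands in for EVP_DigestUpdate (p == nil only reads the digest);
// unlike C, it reports a use-after-free instead of touching freed memory.
func cDigestUpdate(ctx uintptr, p []byte) ([]byte, error) {
	md, ok := cHeap.Load(ctx)
	if !ok {
		return nil, fmt.Errorf("use-after-free: handle %d already freed", ctx)
	}
	md.(hash.Hash).Write(p)
	return md.(hash.Hash).Sum(nil), nil
}

// evpHash mirrors the PR's wrapper: its finalizer frees the handle, so h must
// stay reachable for the whole duration of every call that uses h.ctx.
type evpHash struct{ ctx uintptr }
func newEvpHash() *evpHash {
	h := &evpHash{ctx: cNewCtx()}
	runtime.SetFinalizer(h, func(h *evpHash) { cFree(h.ctx) })
	return h
}

// After h.ctx is read, nothing references h; without KeepAlive the GC may
// finalize h and free the handle while the call below is still running.
func (h *evpHash) WriteString(s string) error {
	_, err := cDigestUpdate(h.ctx, []byte(s))
	runtime.KeepAlive(h) // the fix: h outlives the call above
	return err
}

// WriteByte routes through WriteString so the KeepAlive lives in one place.
func (h *evpHash) WriteByte(c byte) error { return h.WriteString(string([]byte{c})) }
func (h *evpHash) Sum() ([]byte, error) {
	sum, err := cDigestUpdate(h.ctx, nil)
	runtime.KeepAlive(h)
	return sum, err
}
```

Freeing the handle explicitly with cFree and then calling WriteString stands in for the finalizer running early; the model reports the use-after-free where real C code would read freed memory.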