cmd/asm: don't allow writes outside of a function's stack frame · golang/go#79062

(2 comments) (0 reactions) (0 assignees)Go (133,883 stars) (19,008 forks)batch import

NeedsInvestigationToolProposalcompiler/runtimehelp wanted

Description

Go version

go1.26.2 linux/amd64

Output of `go env` in your module/workspace:

n/a

What did you do?

Wrote the following amd64 assembly function:

#include "textflag.h"

TEXT ·clobber(SB),NOSPLIT,$8-0
        MOVQ $42, 8(SP)
        RET

What did you see happen?

It compiles.

What did you expect to see?

I think it shouldn't compile. The function declares an 8 byte stack frame, and that stack write is outside of the declared stack frame. Such a write was the cause of https://github.com/golang/go/issues/77250. In that issue, an assembly function overwrote the frame pointer saved at the top of the stack frame, leading to an execution tracer crash when the function returned. The assembler seems to accept any value for the offset of the SP virtual register. I think the same thing might apply to the FP pseudo-register: the function declares the amount of space for arguments and any read outside of that space is probably a bug.

Contributor guide

Tech stack: go
Domain: toolingbuild system
Issue type: bug
Difficulty: 4
Estimated time: 3-5 days
Activity status: fresh
Clarity: clear
Prerequisites: Go assemblycmd/asm internalsstack frame conventions
Newbie friendliness: 20
Research direction: The issue requests validation of stack frame offsets in the Go assembler. Start by examining the parser in src/cmd/asm/internal/asm/parse.go and related files to understand how instruction operands are evaluated. Look at the previous issue #77250 as a reference. The fix should add a check that writes to SP are within the declared stack frame size, and similarly for FP within argument space. Also consider how to handle instructions that manipulate SP directly. Review the assembler's test suite for existing validation examples.