gsrlabs/go
1
0
Fork 0
mirror of https://github.com/golang/go.git synced 2026-01-29 07:02:05 +03:00
Code Issues Packages Projects Releases Wiki Activity

[release-branch.go1.24] cmd/go: remove user-content from doc strings in cgo ASTs.

Browse Source 
Thank you to RyotaK (https://ryotak.net) of GMO Flatt Security Inc. for reporting this issue.

Updates #76697
Fixes #77128
Fixes CVE-2025-61732

Change-Id: Ie2a96b79a813e362cbf8e6cb0e3c2d0c022bcb29
Reviewed-on: https://go-review.googlesource.com/c/go/+/740001
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
This commit is contained in:
Neal Patel
2026-01-06 16:09:19 -05:00
committed by Gopher Robot
parent 63a1b82d1e
commit 14d0bb39c1
1 changed files with 3 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
src/cmd/cgo/ast.go
View File

@@ -301,17 +301,12 @@ func (f *File) saveExport(x interface{}, context astContext) {
error_(c.Pos(), "export comment has wrong name %q, want %q", name, n.Name.Name)
}
doc := ""
for _, c1 := range n.Doc.List {
if c1 != c {
doc += c1.Text + "\n"
}
}
f.ExpFunc = append(f.ExpFunc, &ExpFunc{
Func: n,
ExpName: name,
Doc: doc,
// Caution: Do not set the Doc field on purpose
// to ensure that there are no unintended artifacts
// in the binary. See https://go.dev/issue/76697.
})
break
}