When invoking functions from WASM modules, built using GOARCH=wasm GOOS=js, passing very large arguments can cause portions of the module to be overwritten with data from the arguments.
If using wasm_exec.js to execute WASM modules, users will need to replace their copy (as described in https://golang.org/wiki/WebAssembly#getting-started) after rebuilding any modules.
This is issue #48797 and CVE-2021-38297. Thanks to Ben Lubar for reporting this issue.
The bug has been referenced in the following commit(s):
Author: William Hubbs <email@example.com>
AuthorDate: 2021-10-12 21:39:36 +0000
Commit: William Hubbs <firstname.lastname@example.org>
CommitDate: 2021-10-12 21:40:16 +0000
dev-lang/go: 1.17.2 bump
Package-Manager: Portage-3.0.20, Repoman-3.0.3
Signed-off-by: William Hubbs <email@example.com>
dev-lang/go/Manifest | 1 +
dev-lang/go/go-1.17.2.ebuild | 197 +++++++++++++++++++++++++++++++++++++++++++
2 files changed, 198 insertions(+)
The only version of go in the tree at this point is 1.17.5.