Description
RawBytes is a byte slice that holds a reference to memory owned by the database itself. After a Scan into a RawBytes, the slice is only valid until the next call to Next, Scan, or Close.
That was true when RawBytes was added (in the first Go release, Go 1(.0)), but Go 1.8 added context.Context support to the database/sql package.
Since that time, RawBytes has been unsafe to use with any BeginTx/QueryContext with a context that might be done, as internally the database/sql package starts a goroutine (awaitDone) waiting for the context(s) to be done and then calls Close on the database/sql/driver.Conn, concurrently with the caller working with RawBytes.
Consider this series of events:
ctx, cancel := context.WithCancel(context.Background())
rows, ... := QueryRowContext(ctx)
for rows.Next() {
var raw sql.RawBytes
rows.Scan(&raw)
cancel() // imagine this a timeout or cancellation
json.Unmarshal(raw, ....) // working with memory that's not ours
}Options:
- document that
RawBytescan't be used with a context that might be Done - make
convertAssignRowsclone the driver's[]bytememory when a vulnerable context is in use - change the goroutine that does the concurrent driver.Close to instead set an atomic bool that the context is done, and do the Close+error on the next call to
Rows.Next/Rows.Close/Rows.Err/etc.... something that the user did explicitly, rather than doing something concurrently with the user code working with theRawBytes.
What version of Go are you using (go version)?
Go 1.20, but happens starting with Go 1.8 probably (not verified)
Does this issue reproduce with the latest release?
Yes.
What operating system and processor architecture are you using (go env)?
macOS, Linux, etc. Not platform-specific.