From 9121e7e4df8e3867be2929cb2188272fbfe4408e Mon Sep 17 00:00:00 2001
From: Dave Cheney <dave@cheney.net>
Date: Thu, 3 Apr 2014 13:44:44 +1100
Subject: [PATCH] runtime: check that new slice cap doesn't overflow

Fixes #7550.

LGTM=iant
R=golang-codereviews, iant, josharian
CC=golang-codereviews
https://golang.org/cl/83520043
---
 src/pkg/runtime/slice.goc   |  2 +-
 test/fixedbugs/issue7550.go | 27 +++++++++++++++++++++++++++
 2 files changed, 28 insertions(+), 1 deletion(-)
 create mode 100644 test/fixedbugs/issue7550.go

diff --git a/src/pkg/runtime/slice.goc b/src/pkg/runtime/slice.goc
index 36745e770d..6112639e02 100644
--- a/src/pkg/runtime/slice.goc
+++ b/src/pkg/runtime/slice.goc
@@ -65,7 +65,7 @@ func growslice(t *SliceType, old Slice, n int64) (ret Slice) {
 
 	cap = old.cap + n;
 
-	if((intgo)cap != cap || cap < old.cap || (t->elem->size > 0 && cap > MaxMem/t->elem->size))
+	if((intgo)cap != cap || cap < (int64)old.cap || (t->elem->size > 0 && cap > MaxMem/t->elem->size))
 		runtime·panicstring("growslice: cap out of range");
 
 	if(raceenabled) {
diff --git a/test/fixedbugs/issue7550.go b/test/fixedbugs/issue7550.go
new file mode 100644
index 0000000000..0c4cf93079
--- /dev/null
+++ b/test/fixedbugs/issue7550.go
@@ -0,0 +1,27 @@
+// run
+
+// Copyright 2014 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package main
+
+func shouldPanic(f func()) {
+        defer func() {
+                if recover() == nil {
+                        panic("not panicking")
+                }
+        }()
+        f()
+}
+
+func f() {
+        length := int(^uint(0) >> 1)
+        a := make([]struct{}, length)
+        b := make([]struct{}, length)
+        _ = append(a, b...)
+}
+
+func main() {
+	shouldPanic(f)
+}