[Tarantool-patches] [PATCH 2/2] Followup fix for embedded bytecode loader.
Sergey Bronnikov
estetus at gmail.com
Tue Jul 25 19:37:01 MSK 2023
From: sergeyb at tarantool.org
(cherry-picked from commit e49863eda13d095b1a78fd4ca0fd3a6a9a17d782)
Sergey Bronnikov:
* added the partial test for this and a previous patch
---
src/lj_lex.c | 1 +
test/tarantool-c-tests/lj-549-lua_load.test.c | 146 ++++++++++++++++++
2 files changed, 147 insertions(+)
create mode 100644 test/tarantool-c-tests/lj-549-lua_load.test.c
diff --git a/src/lj_lex.c b/src/lj_lex.c
index 82e4ba6f..161d862e 100644
--- a/src/lj_lex.c
+++ b/src/lj_lex.c
@@ -51,6 +51,7 @@ static LJ_NOINLINE LexChar lex_more(LexState *ls)
if (sz >= LJ_MAX_BUF) {
if (sz != ~(size_t)0) lj_err_mem(ls->L);
sz = ~(uintptr_t)0 - (uintptr_t)p;
+ if (sz >= LJ_MAX_BUF) sz = LJ_MAX_BUF-1;
ls->endmark = 1;
}
ls->pe = p + sz;
diff --git a/test/tarantool-c-tests/lj-549-lua_load.test.c b/test/tarantool-c-tests/lj-549-lua_load.test.c
new file mode 100644
index 00000000..4fb144cf
--- /dev/null
+++ b/test/tarantool-c-tests/lj-549-lua_load.test.c
@@ -0,0 +1,146 @@
+#include <assert.h>
+#include <stdint.h>
+#include <stddef.h>
+#include <string.h>
+#include <stdlib.h>
+#include <stdio.h>
+
+#include <lua.h>
+#include <lualib.h>
+#include <lauxlib.h>
+
+#include "test.h"
+#include "utils.h"
+
+/* Need for skipcond. */
+#include "lj_arch.h"
+
+/* Defined in lj_def.h. */
+#define LJ_MAX_MEM32 0x7fffff00 /* Max. 32 bit memory allocation. */
+#define LJ_MAX_BUF LJ_MAX_MEM32 /* Max. buffer length. */
+
+#define UNUSED(x) ((void)(x))
+
+/**
+ * Array with bytecode was generated using commands below:
+ *
+ * cat << EOF > a.lua
+ * local a = 1
+ * EOF
+ * luajit -b a.lua a.h
+ */
+#define luaJIT_BC_sample_SIZE 22
+static const unsigned char luaJIT_BC_sample[] = {
+27,76,74,2,2,15,2,0,1,0,0,0,2,41,0,1,0,75,0,1,0,0
+};
+
+/**
+ * Function generates a huge chunk with "bytecode" with a size bigger than
+ * LJ_MAX_BUF. Generated chunk must enable endmark in a Lex state.
+ */
+static const char *
+bc_reader_with_endmark(lua_State *L, void *data, size_t *size)
+{
+ UNUSED(data);
+ static char *bc_chunk = NULL;
+ free(bc_chunk);
+
+ int bc_chunk_size = (size_t)0;
+ bc_chunk = malloc(bc_chunk_size);
+ assert(bc_chunk != NULL);
+
+ /**
+ * Put a chunk with a valid bytecode to the beginning of allocated region.
+ * lua_load automatically detects whether the chunk is text or binary,
+ * and loads it accordingly. We need a trace for bytecode input,
+ * so it is necessary to deceive a check in lj_lex_setup, that makes a
+ * sanity check and detects whether input is bytecode or text by first char.
+ * Strictly speaking it is enough to put LUA_SIGNATURE[0] as a first
+ * symbol in produced chunk.
+ */
+ memcpy(bc_chunk, luaJIT_BC_sample, luaJIT_BC_sample_SIZE);
+
+ *size = bc_chunk_size;
+
+ return bc_chunk;
+}
+
+static int bc_loader_with_endmark(void *test_state)
+{
+ lua_State *L = test_state;
+ void *ud = NULL;
+ int res = lua_load(L, bc_reader_with_endmark, ud, "endmark");
+
+ /* Make sure we passed condition with lj_err_mem in a function lex_more. */
+ assert_true(res != LUA_ERRMEM);
+
+ return TEST_EXIT_SUCCESS;
+}
+
+enum bc_emission_state {
+ EMIT_BC,
+ EMIT_EOF,
+};
+
+typedef struct {
+ enum bc_emission_state state;
+} dt;
+
+/**
+ * Function returns bytecode chunk on the first call and NULL and size equals
+ * to zero on the second call. Triggers END_OF_STREAM flag in a function
+ * lex_more.
+ */
+static const char *
+bc_reader_with_eof(lua_State *L, void *data, size_t *size)
+{
+ UNUSED(data);
+ UNUSED(L);
+ dt *test_data = (dt *)data;
+ if (test_data->state == EMIT_EOF) {
+ *size = 0;
+ return NULL;
+ }
+
+ char *bc_chunk = malloc(luaJIT_BC_sample_SIZE);
+ memcpy(bc_chunk, luaJIT_BC_sample, luaJIT_BC_sample_SIZE);
+ *size = luaJIT_BC_sample_SIZE;
+
+ return bc_chunk;
+}
+
+static int bc_loader_with_eof(void *test_state)
+{
+ lua_State *L = test_state;
+ dt test_data = {0};
+ test_data.state = EMIT_BC;
+ int res = lua_load(L, bc_reader_with_eof, &test_data, "eof");
+ assert_true(res = LUA_ERRSYNTAX);
+ if (res == LUA_OK) {
+ lua_pcall(L, 0, 0, 0);
+ }
+
+ return TEST_EXIT_SUCCESS;
+}
+
+int main(void)
+{
+ if (LJ_GC64 || !LUAJIT_ARCH_X64 || !LJ_TARGET_LINUX)
+ /**
+ * lua_load source code is common on all platforms,
+ * when bytecode is not portable.
+ * So test runs on Linux/x86_64 only and skipped on other
+ * platforms.
+ */
+ return skip_all("Enabled on Linux/x86_64 with disabled GC64");
+
+ lua_State *L = utils_lua_init();
+ const struct test_unit tgroup[] = {
+ test_unit_def(bc_loader_with_endmark),
+ test_unit_def(bc_loader_with_eof)
+ };
+
+ const int test_result = test_run_group(tgroup, L);
+ utils_lua_close(L);
+ return test_result;
+}
--
2.34.1
More information about the Tarantool-patches
mailing list