<!DOCTYPE html>
<html data-lt-installed="true">
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body style="padding-bottom: 1px;">
    <p>Hi, Sergey,<br>
    </p>
    <div class="moz-cite-prefix">On 09.09.2024 18:37, Sergey Bronnikov
      via Tarantool-patches wrote:<br>
    </div>
    <blockquote type="cite"
      cite="mid:5f51a9ad-3302-4e0c-8d91-c5a26c147fe2@tarantool.org">
      <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
      <p>Hi, Sergey,</p>
      <p>Thanks for the patch! See my comments below.<br>
      </p>
      <div class="moz-cite-prefix">On 21.08.2024 19:52, Sergey Kaplun
        wrote:<br>
      </div>
      <blockquote type="cite"
        cite="mid:20240821165250.11087-1-skaplun@tarantool.org">
        <pre class="moz-quote-pre" wrap="">From: Mike Pall &lt;mike&gt;

Thanks to Sergey Kaplun.

(cherry picked from commit 7a608e4425ce0777f5c980dad9f4fdc1bcce0b8c)

The aforementioned function doesn't handle gentle recording of the cdata
addition to `nil` or some string, presuming that the interpreter will throw
an error. This may lead to an assertion due to an uninitialized ctype
state or an attempt to use in the fold engine the non-cdata summand (cast
to `IR_KPTR`) as the (invalid) GC pointer.

This patch handles such cases by:
* Initializing the ctype state where it is needed.
* Raising an error when the argument has a suspicious type. Since the
  interpreter will throw the error anyway, these traces will abort
  anyway.

Sergey Kaplun:
* added the description and the test for the problem

Part of tarantool/tarantool#10199
---

Branch: <a class="moz-txt-link-freetext"
href="https://github.com/tarantool/luajit/tree/skaplun/lj-1224-fix-jit-cdata-arith"
        moz-do-not-send="true">https://github.com/tarantool/luajit/tree/skaplun/lj-1224-fix-jit-cdata-arith</a>
Related issues:
* <a class="moz-txt-link-freetext"
        href="https://github.com/tarantool/tarantool/issues/10199"
        moz-do-not-send="true">https://github.com/tarantool/tarantool/issues/10199</a>
* <a class="moz-txt-link-freetext"
        href="https://github.com/LuaJIT/LuaJIT/issues/1224"
        moz-do-not-send="true">https://github.com/LuaJIT/LuaJIT/issues/1224</a>

 src/lj_crecord.c                              | 10 ++--
 .../lj-1224-fix-cdata-arith-ptr.test.lua      | 48 +++++++++++++++++++</pre>
      </blockquote>
      <p>This test does not fail without the fix (but the repro from the issue
        does):</p>
      <p>[0] ~/sources/MRG/tarantool/third_party/luajit $ ./build/gc64/src/luajit -Ohotloop=1 -e "<br>
        repeat<br>
          r = 1LL + nil<br>
        until true<br>
        "<br>
        LuaJIT ASSERT /home/sergeyb/sources/MRG/tarantool/third_party/luajit/src/lj_ctype.c:185: lj_ctype_intern: uninitialized cts->L<br>
        Aborted<br>
        [0] ~/sources/MRG/tarantool/third_party/luajit $ ./build/gc64/src/luajit test/tarantool-tests/lj-1224-fix-cdata-arith-ptr.test.lua<br>
        TAP version 13<br>
        1..2<br>
            # cdata arithmetic with nil<br>
            1..2<br>
            ok - correct recording error with bad cdata arithmetic<br>
            ok - correct error message<br>
            # cdata arithmetic with nil: end<br>
        ok - cdata arithmetic with nil<br>
            # cdata arithmetic with string<br>
            1..2<br>
            ok - correct recording error with bad cdata arithmetic<br>
            ok - correct error message<br>
            # cdata arithmetic with string: end<br>
        ok - cdata arithmetic with string<br>
        [0] ~/sources/MRG/tarantool/third_party/luajit $<br>
      </p>
    </blockquote>
    <p><br>
    </p>
    <p>With GC64 only (LUAJIT_ENABLE_GC64).<br>
    </p>
    <p><br>
    </p>
    <p>&lt;snipped&gt;</p>
  </body>
</html>