Tarantool development patches archive
From: Maksim Kokryashkin via Tarantool-patches <tarantool-patches@dev.tarantool.org>
To: tarantool-patches@dev.tarantool.org, sergeyb@tarantool.org,
	skaplun@tarantool.org, m.kokryashkin@tarantool.org
Subject: [Tarantool-patches] [PATCH luajit v3 1/2] snap: check J->pc is within its proto bytecode
Date: Wed,  4 Oct 2023 15:50:33 +0300
Message-ID: <20231004125034.64110-2-max.kokryashkin@gmail.com>
In-Reply-To: <20231004125034.64110-1-max.kokryashkin@gmail.com>

From: Mike Pall <mike>

(cherry-picked from commit 5c46f47736f7609be407c88d531ecd1689d40a79)

This commit adds an assertion to ensure that the `pc` of the
snapshot being made is located within the current prototype.
Violation of this assertion's condition may lead to all kinds
of buggy behavior on restoration from that snapshot, depending
on what is located in memory at the address under `pc`.

NOTICE: This patch is only a part of the original commit,
and the other part is backported in the following commit. The
patch was split into two, so the test case becomes easier to
implement since it can now depend on this assertion instead
of memory layout.

Maxim Kokryashkin:
* added the description for the problem

Part of tarantool/tarantool#9145
---
 src/lj_snap.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/lj_snap.c b/src/lj_snap.c
index 6c5e5e53..3f0fccec 100644
--- a/src/lj_snap.c
+++ b/src/lj_snap.c
@@ -115,6 +115,9 @@ static MSize snapshot_framelinks(jit_State *J, SnapEntry *map, uint8_t *topslot)
 #else
   MSize f = 0;
   map[f++] = SNAP_MKPC(J->pc);  /* The current PC is always the first entry. */
+  lj_assertJ(!J->pt ||
+	     (J->pc >= proto_bc(J->pt) &&
+	      J->pc < proto_bc(J->pt) + J->pt->sizebc), "bad snapshot PC");
 #endif
   while (frame > lim) {  /* Backwards traversal of all frames above base. */
     if (frame_islua(frame)) {
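Review bot: The new `lj_assertJ` is placed inside the `#else` branch, between `map[f++] = SNAP_MKPC(J->pc);` and `#endif`, so it is only compiled for the frame layout that `#else` covers; whatever the other branch of the enclosing `#if` (not shown in the hunk) does with `J->pc` stays unchecked. Moving the three assertion lines to just after `#endif` makes the range check apply to both configurations with no other change. The `!J->pt ||` guard is right for the case where no prototype is active, and the half-open range `proto_bc(J->pt) <= J->pc < proto_bc(J->pt) + J->pt->sizebc` matches the bytecode array bounds. Keep in mind that `lj_assertJ` is a debug-build assertion: in a release build an out-of-range PC is still stored into the snapshot map, so this only makes the failure deterministic for the test case rather than fixing it; the fix itself is the follow-up commit the message refers to.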
-- 
2.39.3 (Apple Git-145)


Thread overview: 9+ messages
2023-10-04 12:50 [Tarantool-patches] [PATCH luajit v3 0/2] Fix snapshot PC when linking to BC_JLOOP that was a BC_RET* Maksim Kokryashkin via Tarantool-patches
2023-10-04 12:50 ` Maksim Kokryashkin via Tarantool-patches [this message]
2023-10-10  8:05   ` [Tarantool-patches] [PATCH luajit v3 1/2] snap: check J->pc is within its proto bytecode Sergey Kaplun via Tarantool-patches
2023-11-26 15:12   ` Sergey Bronnikov via Tarantool-patches
2023-10-04 12:50 ` [Tarantool-patches] [PATCH luajit v3 2/2] Fix snapshot PC when linking to BC_JLOOP that was a BC_RET* Maksim Kokryashkin via Tarantool-patches
2023-10-10  8:14   ` Sergey Kaplun via Tarantool-patches
2023-10-12 12:35     ` Maxim Kokryashkin via Tarantool-patches
2023-11-26 15:14   ` Sergey Bronnikov via Tarantool-patches
2024-01-10  8:52 ` [Tarantool-patches] [PATCH luajit v3 0/2] " Igor Munkin via Tarantool-patches