From: Maksim Kokryashkin via Tarantool-patches <tarantool-patches@dev.tarantool.org> To: tarantool-patches@dev.tarantool.org, sergeyb@tarantool.org, skaplun@tarantool.org, m.kokryashkin@tarantool.org Subject: [Tarantool-patches] [PATCH luajit v3 1/2] snap: check J->pc is within its proto bytecode Date: Wed, 4 Oct 2023 15:50:33 +0300 [thread overview] Message-ID: <20231004125034.64110-2-max.kokryashkin@gmail.com> (raw) In-Reply-To: <20231004125034.64110-1-max.kokryashkin@gmail.com> From: Mike Pall <mike> (cherry-picked from commit 5c46f47736f7609be407c88d531ecd1689d40a79) This commit adds an assertion to ensure that the `pc` of the snapshot being made is located within the current prototype. Violation of this assertion's condition may lead to all kinds of buggy behavior on restoration from that snapshot, depending on what is located in memory at the address under `pc`. NOTICE: This patch is only a part of the original commit, and the other part is backported in the following commit. The patch was split into two, so the test case becomes easier to implement since it can now depend on this assertion instead of memory layout. Maxim Kokryashkin: * added the description for the problem Part of tarantool/tarantool#9145 --- src/lj_snap.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/lj_snap.c b/src/lj_snap.c index 6c5e5e53..3f0fccec 100644 --- a/src/lj_snap.c +++ b/src/lj_snap.c @@ -115,6 +115,9 @@ static MSize snapshot_framelinks(jit_State *J, SnapEntry *map, uint8_t *topslot) #else MSize f = 0; map[f++] = SNAP_MKPC(J->pc); /* The current PC is always the first entry. */ + lj_assertJ(!J->pt || + (J->pc >= proto_bc(J->pt) && + J->pc < proto_bc(J->pt) + J->pt->sizebc), "bad snapshot PC"); #endif while (frame > lim) { /* Backwards traversal of all frames above base. */ if (frame_islua(frame)) { -- 2.39.3 (Apple Git-145)
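Review bot: the new `lj_assertJ` is placed inside the `#else` branch of the preprocessor conditional (between `map[f++] = SNAP_MKPC(J->pc);` and `#endif`), so it is compiled only for that configuration and the other branch, whose `#if` condition is not visible in this hunk, gets no PC range check at all; if the intent is to catch a bad snapshot PC in every build, move the assertion after `#endif` so it covers both paths. Two smaller points: `lj_assertJ` is only active in assertion-enabled builds, and since the description says the test case in the following commit relies on this assertion rather than on memory layout, the commit message should state explicitly that the test needs an assert-enabled LuaJIT; and a one-line comment next to the check explaining that `J->pt` may legitimately be NULL here (which is why the `!J->pt ||` short-circuit is needed) would help future readers, because the `"bad snapshot PC"` message alone does not convey that.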