From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <tarantool-patches-bounces@dev.tarantool.org>
Received: from [87.239.111.99] (localhost [127.0.0.1])
	by dev.tarantool.org (Postfix) with ESMTP id EFDDC13CF8D2;
	Thu,  5 Jun 2025 08:45:17 +0300 (MSK)
DKIM-Filter: OpenDKIM Filter v2.11.0 dev.tarantool.org EFDDC13CF8D2
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tarantool.org; s=dev;
	t=1749102318; bh=jQa2irpMIRncCbsxEZDAplQAiHypyoOZ3+xuPWP2+GE=;
	h=To:Date:In-Reply-To:References:Subject:List-Id:List-Unsubscribe:
	 List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:Cc:
	 From;
	b=HaFQrZftOqfoq+viLaDhk76qSWdVytvuCC4burVSInKuOy1cx3K2JlHEQH+DDuegr
	 mCpGDUh+KICaE+htj/yiJ8w/r7iDBR0BlG80qiM1fE8kNuBn4mJAoqUvyvKBN7FdES
	 Xz5w3w4h17vtpL1oX4naIS8MwbvMkOhwskUWYNAU=
Received: from send152.i.mail.ru (send152.i.mail.ru [89.221.237.247])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
 (No client certificate requested)
 by dev.tarantool.org (Postfix) with ESMTPS id 1C99113CF8D2
 for <tarantool-patches@dev.tarantool.org>;
 Thu,  5 Jun 2025 08:44:17 +0300 (MSK)
DKIM-Filter: OpenDKIM Filter v2.11.0 dev.tarantool.org 1C99113CF8D2
Received: by exim-smtp-75656d46d5-jh4vp with esmtpa (envelope-from
 <skaplun@tarantool.org>)
 id 1uN3Oi-00000000FoO-0vyd; Thu, 05 Jun 2025 08:44:16 +0300
To: Sergey Bronnikov <sergeyb@tarantool.org>
Date: Thu,  5 Jun 2025 08:44:19 +0300
Message-ID: <5720c23a8dd4dbd5e2879b1ea163b7d140b0faf9.1749101434.git.skaplun@tarantool.org>
X-Mailer: git-send-email 2.49.0
In-Reply-To: <cover.1749101434.git.skaplun@tarantool.org>
References: <cover.1749101434.git.skaplun@tarantool.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Mailru-Src: smtp
X-4EC0790: 10
X-7564579A: EEAE043A70213CC8
X-77F55803: 4F1203BC0FB41BD9186843A488DB0002765D3F0AFF7B15B5FB4F1AA624BDBD1F1313CFAB8367EF908E2BE116634AD74DBAD6EF93217388FC411046492FDDF80691D1BAD947E5841F9C853740E8570F4B1E35E39F85F323EC
X-7FA49CB5: FF5795518A3D127A4AD6D5ED66289B5278DA827A17800CE7F65C230EDDCD559EEA1F7E6F0F101C67BD4B6F7A4D31EC0BCC500DACC3FED6E28638F802B75D45FF8AA50765F7900637AC83A81C8FD4AD23D82A6BABE6F325AC2E85FA5F3EDFCBAA7353EFBB5533756680FD86C7FE90CFE55ED98FFDC8B3DEBF975AAC8D183FCD640420509DF5F52314389733CBF5DBD5E913377AFFFEAFD269176DF2183F8FC7C0DCF4F0DC832992758941B15DA834481FCF19DD082D7633A0EF3E4896CB9E6436389733CBF5DBD5E9D5E8D9A59859A8B6AEEA5BB16A939343CC7F00164DA146DA6F5DAA56C3B73B237318B6A418E8EAB86D1867E19FE14079C09775C1D3CA48CF3D321E7403792E342EB15956EA79C166A417C69337E82CC275ECD9A6C639B01B78DA827A17800CE732FCE54C4D9A645443847C11F186F3C59DAA53EE0834AAEE
X-C1DE0DAB: 0D63561A33F958A5FBDA39E0C44F75465002B1117B3ED696A00A3D7693F74D940E58516B1639A14B823CB91A9FED034534781492E4B8EEAD9CFA8CFAC159CE19C79554A2A72441328621D336A7BC284946AD531847A6065A535571D14F44ED41
X-C8649E89: 1C3962B70DF3F0ADE00A9FD3E00BEEDF3FED46C3ACD6F73ED3581295AF09D3DF87807E0823442EA2ED31085941D9CD0AF7F820E7B07EA4CF01544C8E7AA0496458D29C68409E3616A048A0593F79D16778652E92080F4A48792D7E5D32AAB0D04322DC41441C31F01B9EA57D34A7243441DF049AB578312964988CEB8F4EBDFF5F4332CA8FE04980913E6812662D5F2A5EAB5682573093F7837F15F2B5E4A70B33F2C28C22F508233FCF178C6DD14203
X-D57D3AED: 3ZO7eAau8CL7WIMRKs4sN3D3tLDjz0dLbV79QFUyzQ2Ujvy7cMT6pYYqY16iZVKkSc3dCLJ7zSJH7+u4VD18S7Vl4ZUrpaVfd2+vE6kuoey4m4VkSEu53w8ahmwBjZKM/YPHZyZHvz5uv+WouB9+ObcCpyrx6l7KImUglyhkEat/+ysWwi0gdhEs0JGjl6ggRWTy1haxBpVdbIX1nthFXMZebaIdHP2ghjoIc/363UZI6Kf1ptIMVSykAyseJQ6/baTbvpWPyFc=
X-DA7885C5: 049C8F4B18C63DF6F255D290C0D534F981EA8C01993BA5BE705B3C6935BC60B394778E2276CAD8175B1A4C17EAA7BC4BEF2421ABFA55128DAF83EF9164C44C7E
X-Mailru-Sender: 689FA8AB762F7393FE9E42A757851DB6E3C0F0B2E1CC055187F66E1481AC81797BCE7F09148D07FEE49D44BB4BD9522A059A1ED8796F048DB274557F927329BE89D5A3BC2B10C37545BD1C3CC395C826B4A721A3011E896F
X-Mras: Ok
Subject: [Tarantool-patches] [PATCH luajit 2/3] Fix potential file
 descriptor leak in luaL_loadfile*().
X-BeenThere: tarantool-patches@dev.tarantool.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: Tarantool development patches <tarantool-patches.dev.tarantool.org>
List-Unsubscribe: <https://lists.tarantool.org/mailman/options/tarantool-patches>, 
 <mailto:tarantool-patches-request@dev.tarantool.org?subject=unsubscribe>
List-Archive: <https://lists.tarantool.org/pipermail/tarantool-patches/>
List-Post: <mailto:tarantool-patches@dev.tarantool.org>
List-Help: <mailto:tarantool-patches-request@dev.tarantool.org?subject=help>
List-Subscribe: <https://lists.tarantool.org/mailman/listinfo/tarantool-patches>, 
 <mailto:tarantool-patches-request@dev.tarantool.org?subject=subscribe>
From: Sergey Kaplun via Tarantool-patches <tarantool-patches@dev.tarantool.org>
Reply-To: Sergey Kaplun <skaplun@tarantool.org>
Cc: tarantool-patches@dev.tarantool.org
Errors-To: tarantool-patches-bounces@dev.tarantool.org
Sender: "Tarantool-patches" <tarantool-patches-bounces@dev.tarantool.org>

From: Mike Pall <mike>

Reported by Assumeru.

(cherry picked from commit 19db4e9b7c5e19398286adb4d953a4874cc39ae0)

`loadfile()` doesn't close the fd in case when `fopen()` results
successfully, but the call `lua_pushfstring()` raises the "not enough
memory" error on creation of the filename string (started with @).

This patch fixes that behaviour by moving the string creation before the
`fopen()` call to avoid descriptor leak.

Sergey Kaplun:
* added the description and the test for the problem

Part of tarantool/tarantool#11278
---
 src/lj_load.c                                 |  3 ++-
 .../lj-1249-loadfile-fd-leak.test.lua         | 27 +++++++++++++++++++
 test/tarantool-tests/utils/CMakeLists.txt     |  1 +
 3 files changed, 30 insertions(+), 1 deletion(-)
 create mode 100644 test/tarantool-tests/lj-1249-loadfile-fd-leak.test.lua

diff --git a/src/lj_load.c b/src/lj_load.c
index 19ac6ba2..a6d0b464 100644
--- a/src/lj_load.c
+++ b/src/lj_load.c
@@ -88,12 +88,13 @@ LUALIB_API int luaL_loadfilex(lua_State *L, const char *filename,
   int status;
   const char *chunkname;
   if (filename) {
+    chunkname = lua_pushfstring(L, "@%s", filename);
     ctx.fp = fopen(filename, "rb");
     if (ctx.fp == NULL) {
+      L->top--;
       lua_pushfstring(L, "cannot open %s: %s", filename, strerror(errno));
       return LUA_ERRFILE;
     }
-    chunkname = lua_pushfstring(L, "@%s", filename);
   } else {
     ctx.fp = stdin;
     chunkname = "=stdin";
diff --git a/test/tarantool-tests/lj-1249-loadfile-fd-leak.test.lua b/test/tarantool-tests/lj-1249-loadfile-fd-leak.test.lua
new file mode 100644
index 00000000..c1a45724
--- /dev/null
+++ b/test/tarantool-tests/lj-1249-loadfile-fd-leak.test.lua
@@ -0,0 +1,27 @@
+local tap = require('tap')
+
+-- Test file to demonstrate fd leakage in case of OOM during the
+-- `loadfile()` call. The test fails before the patch when run
+-- under Valgrind with the `--track-fds=yes` option.
+-- See also, https://github.com/LuaJIT/LuaJIT/issues/1249.
+local test = tap.test('lj-1249-loadfile-fd-leak')
+
+test:plan(2)
+
+local allocinject = require('allocinject')
+
+allocinject.enable_null_alloc()
+
+-- Just use the /dev/null as the surely available file.
+-- OOM is due to the creation of the string "@/dev/null" as the
+-- filename to be stored.
+local res, errmsg = pcall(loadfile, '/dev/null')
+
+allocinject.disable()
+
+-- Sanity checks.
+test:ok(not res, 'correct status, OOM on filename creation')
+test:like(errmsg, 'not enough memory',
+          'correct error message, OOM on filename creation')
+
+test:done(true)
diff --git a/test/tarantool-tests/utils/CMakeLists.txt b/test/tarantool-tests/utils/CMakeLists.txt
index 15871934..d44a8802 100644
--- a/test/tarantool-tests/utils/CMakeLists.txt
+++ b/test/tarantool-tests/utils/CMakeLists.txt
@@ -2,6 +2,7 @@ list(APPEND tests
   lj-1166-error-stitch-oom-ir-buff.test.lua
   lj-1166-error-stitch-oom-snap-buff.test.lua
   lj-1247-fin-tab-rehashing-on-trace.test.lua
+  lj-1249-loadfile-fd-leak.test.lua
   lj-1298-oom-on-concat-recording.test.lua
 )
 BuildTestCLib(allocinject allocinject.c "${tests}")
-- 
2.49.0