Date: Tue, 23 Aug 2022 14:03:51 +0300
To: Sergey Kaplun
Cc: Maxim Kokryashkin, tarantool-patches@dev.tarantool.org
In-Reply-To: <20220823080659.16880-1-skaplun@tarantool.org>
References: <20220823080659.16880-1-skaplun@tarantool.org>
Message-Id: <59F55FF8-96DB-4CB7-A689-87CAB607222C@tarantool.org>
Subject: Re: [Tarantool-patches] [PATCH luajit] Fix overflow check in unpack().
From: sergos via Tarantool-patches

Hi Sergey!

Thanks for the patch, LGTM.

Sergos.

> On 23 Aug 2022, at 11:06, Sergey Kaplun wrote:
>
> From: Mike Pall
>
> Thanks to HybridDog.
>
> When built with optimization, the compiler may throw away the overflow
> check in the `unpack()` base library function.
>
> This patch prevents the aforementioned error by comparing the unsigned
> amount of values to unpack with `LUAI_MAXCSTACK` instead of 0.
>
> Sergey Kaplun:
> * added the description and the test for the problem
>
> Part of tarantool/tarantool#7230
> ---
>
> Issue/PR:
> * https://github.com/LuaJIT/LuaJIT/pull/574
> * https://github.com/tarantool/tarantool/issues/7230
> Branch: https://github.com/tarantool/luajit/tree/skaplun/lj-574-overflow-unpack-full-ci
> PR: https://github.com/tarantool/tarantool/pull/7596
>
> src/lib_base.c | 6 ++++--
> test/tarantool-tests/lj-574-overflow-unpack.test.lua | 12 ++++++++++++
> 2 files changed, 16 insertions(+), 2 deletions(-)
> create mode 100644 test/tarantool-tests/lj-574-overflow-unpack.test.lua
>
> diff --git a/src/lib_base.c b/src/lib_base.c > index 613a1859..cf57b4f2 100644 > --- a/src/lib_base.c > +++ b/src/lib_base.c > @@ -224,9 +224,11 @@ LJLIB_CF(unpack) > int32_t n, i =3D lj_lib_optint(L, 2, 1); > int32_t e =3D (L->base+3-1 < L->top && !tvisnil(L->base+3-1)) ? > lj_lib_checkint(L, 3) : (int32_t)lj_tab_len(t); > + uint32_t nu; > if (i > e) return 0; > - n =3D e - i + 1; > - if (n <=3D 0 || !lua_checkstack(L, n)) > + nu =3D (uint32_t)e - (uint32_t)i; > + n =3D (int32_t)(nu+1); > + if (nu >=3D LUAI_MAXCSTACK || !lua_checkstack(L, n)) > lj_err_caller(L, LJ_ERR_UNPACK); > do { > cTValue *tv =3D lj_tab_getint(t, i); > diff --git a/test/tarantool-tests/lj-574-overflow-unpack.test.lua = b/test/tarantool-tests/lj-574-overflow-unpack.test.lua > new file mode 100644 > index 00000000..6715d947 > --- /dev/null > +++ b/test/tarantool-tests/lj-574-overflow-unpack.test.lua > @@ -0,0 +1,12 @@ > +local tap =3D require('tap') > + > +-- Test file to demonstrate integer overflow in the `unpack()` > +-- function due to compiler optimization. > +-- See also https://github.com/LuaJIT/LuaJIT/pull/574. > +local test =3D tap.test('lj-574-overflow-unpack') > +test:plan(1) > + > +local r, e =3D pcall(unpack, {}, 0, 2^31 - 1) > +test:ok(not r and e =3D=3D 'too many results to unpack', 'overflow = check in unpack') > + > +os.exit(test:check() and 0 or 1) > --=20 > 2.34.1 >=20
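Review bot: in the lib_base.c hunk, nothing records why the count is now formed in unsigned arithmetic, so a later cleanup could fold `nu = (uint32_t)e - (uint32_t)i;` and `n = (int32_t)(nu+1);` back into `n = e - i + 1` and reintroduce the undefined signed overflow for `e - i + 1 > INT32_MAX`, which is exactly what let the compiler delete the old `n <= 0` test. Suggest a one-line comment above `uint32_t nu;` stating that the early `if (i > e) return 0;` guarantees `i <= e`, that the unsigned subtraction therefore cannot wrap, and that `nu` must be bounded against `LUAI_MAXCSTACK` before `n` is trusted. The operand order in `if (nu >= LUAI_MAXCSTACK || !lua_checkstack(L, n))` is load-bearing for the same reason (`lua_checkstack` only ever sees an `n` below the limit), and that is worth saying in the comment too.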
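Review bot: the new test covers only the single pair from the report, `pcall(unpack, {}, 0, 2^31 - 1)`, so it exercises neither the other end of the unsigned subtraction (`i = -2^31` with `e = 2^31 - 1`, where `(uint32_t)e - (uint32_t)i` spans the whole 32-bit range) nor a positive control showing that an ordinary call such as `unpack({1, 2, 3})` still succeeds now that the check is stricter. Suggest raising `test:plan(1)` and adding both cases. The header comment `-- Test file to demonstrate integer overflow in the `unpack()` -- function due to compiler optimization.` also reads as if the optimization causes the overflow; per the commit message the overflow is in `e - i + 1` and the optimization merely removes the `n <= 0` check, so rewording it would avoid misleading the next reader.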
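The arithmetic the quoted commit message describes, as an added example written for this review and not code from the patch or from LuaJIT: `old_expr_overflows()` shows which (i, e) pairs make the pre-patch `e - i + 1` overflow, and `unpack_result_count()` replays the patched unsigned check at the boundaries. `LUAI_MAXCSTACK = 8000` (LuaJIT's default) is assumed, and the `lua_checkstack()` half of the real check is left out.

```c
#include <stdint.h>
#include <stdio.h>

/* LuaJIT's default limit from luaconf.h; assumed here for illustration. */
#define LUAI_MAXCSTACK 8000

/* Does the pre-patch expression `n = e - i + 1` overflow int32_t for this
 * (i, e) pair?  Evaluated in 64-bit so this helper is well defined; in the
 * original 32-bit code the same overflow is undefined behaviour, which is
 * what allows the compiler to drop the `n <= 0` test (the bug in PR #574). */
int old_expr_overflows(int32_t i, int32_t e)
{
  int64_t n = (int64_t)e - (int64_t)i + 1;
  return n > INT32_MAX;
}

/* Mirrors the patched check. Returns the number of results unpack() would
 * produce, 0 for an empty range (the early `if (i > e) return 0;`), or -1
 * where unpack() raises "too many results to unpack".  The stack-growth
 * half of the real check, lua_checkstack(), is not modelled here. */
int32_t unpack_result_count(int32_t i, int32_t e)
{
  uint32_t nu;
  if (i > e) return 0;
  /* i <= e, so the true difference lies in [0, 2^32 - 1] and the unsigned
   * subtraction is exact even for i = INT32_MIN, e = INT32_MAX. */
  nu = (uint32_t)e - (uint32_t)i;
  /* Bound nu before forming n: n = nu + 1 may only be trusted below this. */
  if (nu >= LUAI_MAXCSTACK) return -1;
  return (int32_t)(nu + 1);
}

int main(void)
{
  /* Constructed boundary cases: ordinary call, the reported pair, the
   * widest possible range, and the largest range the check still allows. */
  struct { int32_t i, e; } cases[] = {
    {1, 3}, {0, INT32_MAX}, {INT32_MIN, INT32_MAX}, {1, LUAI_MAXCSTACK}
  };
  for (size_t k = 0; k < sizeof cases / sizeof cases[0]; k++) {
    printf("i=%11d e=%11d old-expr-overflows=%d patched-count=%d\n",
           (int)cases[k].i, (int)cases[k].e,
           old_expr_overflows(cases[k].i, cases[k].e),
           (int)unpack_result_count(cases[k].i, cases[k].e));
  }
  return 0;
}
```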