From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <tarantool-patches-bounces@dev.tarantool.org>
Received: from [87.239.111.99] (localhost [127.0.0.1])
	by dev.tarantool.org (Postfix) with ESMTP id 478B368F42;
	Thu, 25 Mar 2021 00:32:11 +0300 (MSK)
DKIM-Filter: OpenDKIM Filter v2.11.0 dev.tarantool.org 478B368F42
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tarantool.org; s=dev;
	t=1616621531; bh=0ucxH2B+Y/gSS8CzZsFCD/GuML/mBv6ZISfuSnwM81o=;
	h=To:Date:In-Reply-To:References:Subject:List-Id:List-Unsubscribe:
	 List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:
	 From;
	b=CIXkrrJD0usCSr5ejUK98XwikpRX6zvFGGCa7qK8MD7A4VJF6KnzQnaYyiZ7DeGxg
	 mtaYtKf9We/HLwtnhWGL8b85KsSOUpl851JgHYy4+Je1gEXoRnG8tinMFldGEWv+53
	 L8kcqt9jfhMVygusP/erC9aQc2Bu3LfoRMf9Dcj0=
Received: from smtp48.i.mail.ru (smtp48.i.mail.ru [94.100.177.108])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by dev.tarantool.org (Postfix) with ESMTPS id 9BF8468F43
 for <tarantool-patches@dev.tarantool.org>;
 Thu, 25 Mar 2021 00:24:58 +0300 (MSK)
DKIM-Filter: OpenDKIM Filter v2.11.0 dev.tarantool.org 9BF8468F43
Received: by smtp48.i.mail.ru with esmtpa (envelope-from
 <v.shpilevoy@tarantool.org>)
 id 1lPAzp-0004ib-K0; Thu, 25 Mar 2021 00:24:58 +0300
To: tarantool-patches@dev.tarantool.org,
	kyukhin@tarantool.org
Date: Wed, 24 Mar 2021 22:24:35 +0100
Message-Id: <5ccc9c039d4c3708fda9760ccc53643d0066c0f4.1616620860.git.v.shpilevoy@tarantool.org>
X-Mailer: git-send-email 2.24.3 (Apple Git-128)
In-Reply-To: <cover.1616620860.git.v.shpilevoy@tarantool.org>
References: <cover.1616620860.git.v.shpilevoy@tarantool.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-7564579A: EEAE043A70213CC8
X-77F55803: 4F1203BC0FB41BD9064ADF4728AA0EE954173BE606B1EB548800CB16E8E806CE182A05F53808504062E62B44F76CE5CCD3C19D1B8201F8B8DCE29B5A95403AAF0297F94026AB99B6
X-7FA49CB5: FF5795518A3D127A4AD6D5ED66289B5278DA827A17800CE7D9B0C78E17BAE9D7EA1F7E6F0F101C67BD4B6F7A4D31EC0BCC500DACC3FED6E28638F802B75D45FF8AA50765F7900637EA9DEEAA3ECF8E948638F802B75D45FF914D58D5BE9E6BC131B5C99E7648C95C5DD32608FC869F5D4074FE747766D92CE578E0AB51AFD028A471835C12D1D9774AD6D5ED66289B5278DA827A17800CE767883B903EA3BAEA9FA2833FD35BB23D2EF20D2F80756B5F868A13BD56FB6657A471835C12D1D977725E5C173C3A84C34C82C86BFC697D19117882F4460429728AD0CFFFB425014E868A13BD56FB6657D81D268191BDAD3DC09775C1D3CA48CF5E208EBACFE9213EBA3038C0950A5D36C8A9BA7A39EFB766EC990983EF5C0329BA3038C0950A5D36D5E8D9A59859A8B6F6D66E6DE924F9AA76E601842F6C81A1F004C906525384307823802FF610243DF43C7A68FF6260569E8FC8737B5C2249EC8D19AE6D49635B3BBE47FD9DD3FB59A8DF7F3B2552694A2BEBFE083D3B9BA73A03B725D353964BB11811A4A51E3B096D1867E19FE14079BA9C0B312567BB23089D37D7C0E48F6CA18204E546F3947CB26E97DCB74E625257739F23D657EF2BC8A9BA7A39EFB7666BA297DBC24807EA089D37D7C0E48F6C8AA50765F790063757B1FBEA53BC6EDBEFF80C71ABB335746BA297DBC24807EA27F269C8F02392CD6143B1329D1CCA5627F269C8F02392CD5571747095F342E88FB05168BE4CE3AF
X-B7AD71C0: AC4F5C86D027EB782CDD5689AFBDA7A24A6D60772A99906F8E1CD14B953EB46D24E9FB537EF229CC355D89D7DBCDD132
X-C1DE0DAB: C20DE7B7AB408E4181F030C43753B8186998911F362727C414F749A5E30D975C5DD32608FC869F5D4074FE747766D92CE578E0AB51AFD0289C2B6934AE262D3EE7EAB7254005DCED7532B743992DF240BDC6A1CF3F042BAD6DF99611D93F60EF0417BEADF48D1460699F904B3F4130E343918A1A30D5E7FCCB5012B2E24CD356
X-C8649E89: 4E36BF7865823D7055A7F0CF078B5EC49A30900B95165D3451BBE684D17D7221688C75C91AD5391C54448582F224C9523CB76B12DD6F3F16EEBFAEDFAB40A34D1D7E09C32AA3244C258D32BD6507E95232209DC1ACAE107FB038C9161EF167A1729B2BEF169E0186
X-D57D3AED: 3ZO7eAau8CL7WIMRKs4sN3D3tLDjz0dLbV79QFUyzQ2Ujvy7cMT6pYYqY16iZVKkSc3dCLJ7zSJH7+u4VD18S7Vl4ZUrpaVfd2+vE6kuoey4m4VkSEu530nj6fImhcD4MUrOEAnl0W826KZ9Q+tr5ycPtXkTV4k65bRjmOUUP8cvGozZ33TWg5HZplvhhXbhDGzqmQDTd6OAevLeAnq3Ra9uf7zvY2zzsIhlcp/Y7m53TZgf2aB4JOg4gkr2biojjqzNotmU+geWOTQFtcWC3g==
X-Mailru-Sender: 504CC1E875BF3E7D9BC0E5172ADA3110A906815429F9D960EA11FF55DB458BAE0CCA695789A59F6507784C02288277CA03E0582D3806FB6A5317862B1921BA260ED6CFD6382C13A6112434F685709FCF0DA7A0AF5A3A8387
X-Mras: Ok
Subject: [Tarantool-patches] [PATCH 09/15] uuid: drop tt_uuid_str() from Lua
X-BeenThere: tarantool-patches@dev.tarantool.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: Tarantool development patches <tarantool-patches.dev.tarantool.org>
List-Unsubscribe: <https://lists.tarantool.org/mailman/options/tarantool-patches>, 
 <mailto:tarantool-patches-request@dev.tarantool.org?subject=unsubscribe>
List-Archive: <https://lists.tarantool.org/pipermail/tarantool-patches/>
List-Post: <mailto:tarantool-patches@dev.tarantool.org>
List-Help: <mailto:tarantool-patches-request@dev.tarantool.org?subject=help>
List-Subscribe: <https://lists.tarantool.org/mailman/listinfo/tarantool-patches>, 
 <mailto:tarantool-patches-request@dev.tarantool.org?subject=subscribe>
From: Vladislav Shpilevoy via Tarantool-patches
 <tarantool-patches@dev.tarantool.org>
Reply-To: Vladislav Shpilevoy <v.shpilevoy@tarantool.org>
Errors-To: tarantool-patches-bounces@dev.tarantool.org
Sender: "Tarantool-patches" <tarantool-patches-bounces@dev.tarantool.org>

The function converts struct tt_uuid * to a string. The string is
allocated on the static buffer, which can't be used in Lua due to
unpredictable GC behaviour. It can start working any moment even
if tt_uuid_str() has returned, but its result wasn't passed to
ffi.string() yet. Then the buffer might be overwritten.

Lua uuid now uses tt_uuid_to_string() which does the same but
takes the buffer pointer. The buffer is stored in an ffi stash,
because it is x4 times faster than ffi.new('char[37]') (where 37
is length of a UUID string + terminating 0) (2.4 ns vs 0.8 ns).

After this patch UUID is supposed to be fully compatible with Lua
GC handlers.

Part of #5632

(cherry picked from commit acf8745ed8fef47e6d1f1c31708c7c9d6324d2f3)
---
 extra/exports                              |  1 +
 src/lua/uuid.lua                           | 13 ++++--
 test/app-tap/gh-5632-gc-buf-reuse.test.lua | 49 ++++++++++++++++++++++
 test/app/uuid.result                       |  2 +-
 4 files changed, 61 insertions(+), 4 deletions(-)
 create mode 100755 test/app-tap/gh-5632-gc-buf-reuse.test.lua

diff --git a/extra/exports b/extra/exports
index 91094206d..b27b22a7c 100644
--- a/extra/exports
+++ b/extra/exports
@@ -51,6 +51,7 @@ tt_uuid_is_equal
 tt_uuid_is_nil
 tt_uuid_bswap
 tt_uuid_from_string
+tt_uuid_to_string
 log_level
 log_format
 uri_parse
diff --git a/src/lua/uuid.lua b/src/lua/uuid.lua
index 46b35075a..3efb7f66b 100644
--- a/src/lua/uuid.lua
+++ b/src/lua/uuid.lua
@@ -26,8 +26,6 @@ bool
 tt_uuid_is_nil(const struct tt_uuid *uu);
 bool
 tt_uuid_is_equal(const struct tt_uuid *lhs, const struct tt_uuid *rhs);
-char *
-tt_uuid_str(const struct tt_uuid *uu);
 extern const struct tt_uuid uuid_nil;
 ]]
 
@@ -38,11 +36,20 @@ local uuid_stash = buffer.ffi_stash_new(uuid_t)
 local uuid_stash_take = uuid_stash.take
 local uuid_stash_put = uuid_stash.put
 
+local uuid_str_stash =
+    buffer.ffi_stash_new(string.format('char[%s]', UUID_STR_LEN + 1))
+local uuid_str_stash_take = uuid_str_stash.take
+local uuid_str_stash_put = uuid_str_stash.put
+
 local uuid_tostring = function(uu)
     if not ffi.istype(uuid_t, uu) then
         return error('Usage: uuid:str()')
     end
-    return ffi.string(builtin.tt_uuid_str(uu), UUID_STR_LEN)
+    local strbuf = uuid_str_stash_take()
+    builtin.tt_uuid_to_string(uu, strbuf)
+    uu = ffi.string(strbuf, UUID_STR_LEN)
+    uuid_str_stash_put(strbuf)
+    return uu
 end
 
 local uuid_fromstr = function(str)
diff --git a/test/app-tap/gh-5632-gc-buf-reuse.test.lua b/test/app-tap/gh-5632-gc-buf-reuse.test.lua
new file mode 100755
index 000000000..b09b1bf3e
--- /dev/null
+++ b/test/app-tap/gh-5632-gc-buf-reuse.test.lua
@@ -0,0 +1,49 @@
+#!/usr/bin/env tarantool
+
+--
+-- gh-5632: Lua code should not use any global buffers or objects without
+-- proper ownership protection. Otherwise these items might be suddenly reused
+-- during Lua GC which happens almost at any moment. That might lead to data
+-- corruption.
+--
+
+local tap = require('tap')
+local ffi = require('ffi')
+local uuid = require('uuid')
+
+local function test_uuid(test)
+    test:plan(1)
+
+    local gc_count = 100
+    local iter_count = 1000
+    local is_success = true
+
+    local function uuid_to_str()
+        local uu = uuid.new()
+        local str1 = uu:str()
+        local str2 = uu:str()
+        if str1 ~= str2 then
+            is_success = false
+            assert(false)
+        end
+    end
+
+    local function create_gc()
+        for _ = 1, gc_count do
+            ffi.gc(ffi.new('char[1]'), function() uuid_to_str() end)
+        end
+    end
+
+    for _ = 1, iter_count do
+        create_gc()
+        uuid_to_str()
+    end
+
+    test:ok(is_success, 'uuid in gc')
+end
+
+local test = tap.test('gh-5632-gc-buf-reuse')
+test:plan(1)
+test:test('uuid in __gc', test_uuid)
+
+os.exit(test:check() and 0 or 1)
diff --git a/test/app/uuid.result b/test/app/uuid.result
index 1da8b3e58..b252c497d 100644
--- a/test/app/uuid.result
+++ b/test/app/uuid.result
@@ -106,7 +106,7 @@ uu.node[5]
 -- invalid values
 uuid.fromstr(nil)
 ---
-- error: 'builtin/uuid.lua:50: fromstr(str)'
+- error: 'builtin/uuid.lua:57: fromstr(str)'
 ...
 uuid.fromstr('')
 ---
-- 
2.24.3 (Apple Git-128)