[Tarantool-patches] [PATCH luajit] Prevent false positive sanitizer warning in unpack().

[Sergey Bronnikov via Tarantool-patches <tarantool-patches@dev.tarantool.org>]

From: Mike Pall <mike>

Reported by Sergey Bronnikov.

(cherry picked from commit f322ecb51e3cea06683cc201e8ce224ec42fdab8)

The UndefinedBehaviour sanitizer produce a runtime warning when
INT_MAX is passed to `unpack()` as index `j`. This happens because
`i` in lj_cf_unpack() was incremented before the checking loop
invariant and this could to a signed integer overflo. The patch
fixes the issue by moving a loop invariant to a loop body.

Sergey Bronnikov:
* added the description and the test for the problem

Part of tarantool/tarantool#12134
---

Branch: https://github.com/tarantool/luajit/tree/ligurio/lj-1450-unpack-ub
Related issues:
* https://github.com/LuaJIT/LuaJIT/issues/1450
* https://github.com/tarantool/tarantool/issues/12134

 src/lib_base.c                                |  4 ++-
 .../lj-1450-unpack-huge-indices.test.lua      | 28 +++++++++++++++++++
 2 files changed, 31 insertions(+), 1 deletion(-)
 create mode 100644 test/tarantool-tests/lj-1450-unpack-huge-indices.test.lua

diff --git a/src/lib_base.c b/src/lib_base.c
index a5b907de..714dc5bf 100644
--- a/src/lib_base.c
+++ b/src/lib_base.c
@@ -241,7 +241,9 @@ LJLIB_CF(unpack)
     } else {
       setnilV(L->top++);
     }
-  } while (i++ < e);
+    if (i >= e) break;
+    i++;
+  } while (1);
   return n;
 }
 
diff --git a/test/tarantool-tests/lj-1450-unpack-huge-indices.test.lua b/test/tarantool-tests/lj-1450-unpack-huge-indices.test.lua
new file mode 100644
index 00000000..1a09e273
--- /dev/null
+++ b/test/tarantool-tests/lj-1450-unpack-huge-indices.test.lua
@@ -0,0 +1,28 @@
+local tap = require('tap')
+
+-- The test file to demonstrate UBSan warning for `unpack()` with
+-- a huge indices value.
+-- See also: https://github.com/LuaJIT/LuaJIT/issues/1450.
+local test = tap.test('lj-1450-unpack-huge-indices')
+
+test:plan(4)
+
+local INT_MAX = 2 ^ 31 - 1
+
+-- The first test check the UBSan runtime error. The assertions
+-- were added just to be sure we don't change the behaviour.
+-- The second test additionally check a correct behaviour for
+-- a <maximum - 1> value.
+local tbl = {
+  [INT_MAX] = INT_MAX,
+  [INT_MAX - 1] = INT_MAX - 1,
+}
+local status, res = pcall(unpack, tbl, INT_MAX, INT_MAX)
+test:ok(status, 'unpack with INT_MAX: correct status')
+test:is(res, INT_MAX, 'unpack with INT_MAX: correct result')
+
+status, res = pcall(unpack, tbl, INT_MAX - 1, INT_MAX - 1)
+test:ok(status, 'unpack with INT_MAX - 1: correct status')
+test:is(res, INT_MAX - 1, 'unpack with INT_MAX - 1: correct result')
+
+test:done(true)
-- 
2.43.0