From mboxrd@z Thu Jan 1 00:00:00 1970
From: Sergey Bronnikov via Tarantool-patches
Reply-To: Sergey Bronnikov
To: tarantool-patches@dev.tarantool.org, Sergey Kaplun
Date: Mon, 30 Mar 2026 14:39:26 +0300
Message-ID: <7183dd75158a7191fc2b08ae43e17e4f3d1afcf2.1774870754.git.sergeyb@tarantool.org>
Subject: [Tarantool-patches] [PATCH luajit] Prevent false positive sanitizer warning in unpack().
List-Id: Tarantool development patches

From: Mike Pall

Reported by Sergey Bronnikov.

(cherry picked from commit f322ecb51e3cea06683cc201e8ce224ec42fdab8)

The UndefinedBehaviour sanitizer produces a runtime warning when
INT_MAX is passed to `unpack()` as index `j`. This happens because
`i` in lj_cf_unpack() was incremented before checking the loop
invariant and this could lead to a signed integer overflow. The patch
fixes the issue by moving a loop invariant to a loop body.

Sergey Bronnikov:
* added the description and the test for the problem

Part of tarantool/tarantool#12134
---
Branch: https://github.com/tarantool/luajit/tree/ligurio/lj-1450-unpack-ub
Related issues:
* https://github.com/LuaJIT/LuaJIT/issues/1450
* https://github.com/tarantool/tarantool/issues/12134

src/lib_base.c | 4 ++- .../lj-1450-unpack-huge-indices.test.lua | 28 +++++++++++++++++++ 2 files changed, 31 insertions(+), 1 deletion(-) create mode 100644 test/tarantool-tests/lj-1450-unpack-huge-indices.test.lua diff --git a/src/lib_base.c b/src/lib_base.c index a5b907de..714dc5bf 100644 --- a/src/lib_base.c +++ b/src/lib_base.c @@ -241,7 +241,9 @@ LJLIB_CF(unpack) } else { setnilV(L->top++); } - } while (i++ < e); + if (i >= e) break; + i++; + } while (1); return n; } diff --git a/test/tarantool-tests/lj-1450-unpack-huge-indices.test.lua b/test/tarantool-tests/lj-1450-unpack-huge-indices.test.lua new file mode 100644 index 00000000..1a09e273 --- /dev/null +++ b/test/tarantool-tests/lj-1450-unpack-huge-indices.test.lua 
@@ -0,0 +1,28 @@ +local tap = require('tap') + +-- The test file to demonstrate UBSan warning for `unpack()` with +-- a huge indices value. +-- See also: https://github.com/LuaJIT/LuaJIT/issues/1450. +local test = tap.test('lj-1450-unpack-huge-indices') + +test:plan(4) + +local INT_MAX = 2 ^ 31 - 1 + +-- The first test check the UBSan runtime error. The assertions +-- were added just to be sure we don't change the behaviour. +-- The second test additionally check a correct behaviour for +-- a value. +local tbl = { + [INT_MAX] = INT_MAX, + [INT_MAX - 1] = INT_MAX - 1, +} +local status, res = pcall(unpack, tbl, INT_MAX, INT_MAX) +test:ok(status, 'unpack with INT_MAX: correct status') +test:is(res, INT_MAX, 'unpack with INT_MAX: correct result') + +status, res = pcall(unpack, tbl, INT_MAX - 1, INT_MAX - 1) +test:ok(status, 'unpack with INT_MAX - 1: correct status') +test:is(res, INT_MAX - 1, 'unpack with INT_MAX - 1: correct result') + +test:done(true) -- 2.43.0
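Review bot: The new `if (i >= e) break;` and `i++;` lines in the src/lib_base.c hunk carry no comment explaining why the increment was split out of the loop condition, and `} while (1);` reads like something a later cleanup would fold back into `while (i++ < e)`. A short comment above the `if` saying that `i` must not be incremented once it has reached `e`, because the upper index can be INT_MAX as in the test added by this patch, would keep the fix from being undone by accident.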
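Review bot: Both `pcall(unpack, ...)` calls in lj-1450-unpack-huge-indices.test.lua pass equal start and end indices, so the loop body runs once and leaves through the new `if (i >= e) break;` line, and the new `i++;` line is never executed by this test. Consider adding a call with a two-element range ending at the limit, such as `pcall(unpack, tbl, INT_MAX - 1, INT_MAX)`, asserting both returned values and raising `test:plan(4)` to match. The comment on "the second test" could also say outright that the `INT_MAX - 1` case is a behaviour check only, since an increment from `INT_MAX - 1` does not overflow.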