Date: Wed, 8 Nov 2023 18:39:59 +0000
From: Igor Munkin via Tarantool-patches
To: Sergey Kaplun
Cc: tarantool-patches@dev.tarantool.org
Subject: Re: [Tarantool-patches] [PATCH luajit] FFI: Fix pragma push stack limit check and throw on overflow.
In-Reply-To: <20231108084044.6654-1-skaplun@tarantool.org>

Sergey,

Thanks for the patch! LGTM, with a single nit below.

On 08.11.23, Sergey Kaplun wrote:
> From: Mike Pall > > Reported by Sergey Kaplun. > > (cherry-picked from commit 433d7e8d8d182f44e88b5cfdc4b2d3026469dfb7) > > `cp->packstack` is the array of size `CPARSE_MAX_PACKSTACK` (7). Before > the patch, `cp->curpack` is checked to be less than > `CPARSE_MAX_PACKSTACK`, but then `cp->packstack` is accessed at > `cp->curpack + 1`, which is out of bounds, so `cp->curpack` value is > overwritten. > > This patch fixes a condition and also adds the error throw when the counter > overflows (instead of rewriting a top `cp->packstack` value). > > Sergey Kaplun: > * added the description and the test for the problem > > Resolves tarantool/tarantool#9339 > Part of tarantool/tarantool#9145 > --- > > Branch: https://github.com/tarantool/luajit/tree/skaplun/lj-1114-ffi-pragma-pack > Tarantool PR: https://github.com/tarantool/tarantool/pull/9342 > Related issues: > * https://github.com/LuaJIT/LuaJIT/issues/1114 > * https://github.com/tarantool/tarantool/issues/9339 > * https://github.com/tarantool/tarantool/issues/9145 > > src/lj_cparse.c | 4 +- > .../lj-1114-ffi-pragma-pack.test.lua | 44 +++++++++++++++++++ > 2 files changed, 47 insertions(+), 1 deletion(-) > create mode 100644 test/tarantool-tests/lj-1114-ffi-pragma-pack.test.lua > > diff --git a/test/tarantool-tests/lj-1114-ffi-pragma-pack.test.lua b/test/tarantool-tests/lj-1114-ffi-pragma-pack.test.lua > new file mode 100644 > index 00000000..e5642828 > --- /dev/null > +++ b/test/tarantool-tests/lj-1114-ffi-pragma-pack.test.lua 
> @@ -0,0 +1,44 @@ > +local tap = require('tap') > + > +-- Test file to demonstrate LuaJIT incorrect parsing of `#pragma` > +-- directive via FFI. > +-- See also: https://github.com/LuaJIT/LuaJIT/issues/1114. > + > +local test = tap.test('lj-1114-ffi-pragma-pack') > +local ffi = require 'ffi' Please use parentheses here too. > + > +test:plan(2) > + > +-- `cp->packstack` is the array of size `CPARSE_MAX_PACKSTACK` > +-- (7). Before the patch, `cp->curpack` is checked to be less than > +-- `CPARSE_MAX_PACKSTACK`, but then `cp->packstack` is accessed at > +-- `cp->curpack + 1`, which is out of bounds, so `cp->curpack` > +-- value is overwritten. > +-- As a result, the incorrect pack value (1) is chosen after pop. > +-- After the patch, the error is thrown in the case of overflow > +-- (instead of rewriting the top pack slot value), so we use the > +-- wrapper to catch the error. > +local function ffi_cdef_wp() > + ffi.cdef[[ > + #pragma pack(push, 1) > + #pragma pack(push, 1) > + #pragma pack(push, 1) > + #pragma pack(push, 1) > + #pragma pack(push, 8) > + #pragma pack(push, 8) > + #pragma pack(push, 8) > + #pragma pack(pop) > + struct aligned_struct {uint64_t a; uint8_t b;}; > + ]] > + > + -- Got 9 in case of buffer overflow. > + return ffi.sizeof(ffi.new('struct aligned_struct')) > +end > + > +local err, msg = pcall(ffi_cdef_wp) > + > +test:ok(not err, 'the error is thrown when couner overflows') > +test:like(msg, 'chunk has too many syntax levels', > + 'the error message is correct') > + > +test:done(true) > -- > 2.42.0 > -- Best regards, IM
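Review bot: the assertion description in `test:ok(not err, 'the error is thrown when couner overflows')` misspells "counter"; please change it to 'the error is thrown when counter overflows' so the TAP output reads cleanly. The comment `-- Got 9 in case of buffer overflow.` above `return ffi.sizeof(...)` also describes behaviour the test can no longer observe, since `ffi.cdef` now throws before `ffi.sizeof` is reached; rewording it to say that the pre-patch build returned 9 here would stop a reader from expecting that value to still be asserted on.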
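To make the off-by-one described in the commit message concrete, here is an added C model of the pack stack; it is not LuaJIT's code and not part of this patch. `push_before` mirrors the pre-patch check the message describes, `push_after` the fixed one, and `replay` runs the test's pragma sequence through either; the flat-array layout, the 255 default value and the exact shape of the fixed condition are assumptions.

```c
#include <stdint.h>
#include <string.h>
#define CPARSE_MAX_PACKSTACK 7
/* The parser state is one flat byte array so that the out-of-bounds write
 * is reproduced without undefined behaviour: bytes 0..6 stand for
 * packstack[], byte 7 for curpack (which directly follows the array in
 * the real struct, as the commit message says), the rest for what follows. */
typedef struct { uint8_t mem[16]; } PackState;
#define PACKSTACK(st) ((st)->mem)
#define CURPACK(st)   ((st)->mem[CPARSE_MAX_PACKSTACK])

static void pack_init(PackState *st) {
  memset(st->mem, 0, sizeof st->mem);
  PACKSTACK(st)[0] = 255;  /* assumed default marker for "no packing" */
}

/* Pre-patch push: curpack is compared against the array size, but the
 * copy goes to curpack + 1, so the 7th push writes slot 7 == curpack. */
static int push_before(PackState *st, uint8_t pack) {
  if (CURPACK(st) < CPARSE_MAX_PACKSTACK) {
    PACKSTACK(st)[CURPACK(st) + 1] = PACKSTACK(st)[CURPACK(st)];
    CURPACK(st)++;
  }
  PACKSTACK(st)[CURPACK(st)] = pack;
  return 0;
}

/* Patched push as the commit message describes it: refuse the 7th push
 * (the caller then raises LJ_ERR_XLEVELS) instead of touching slot 7. */
static int push_after(PackState *st, uint8_t pack) {
  if (CURPACK(st) >= CPARSE_MAX_PACKSTACK - 1) return -1;
  PACKSTACK(st)[CURPACK(st) + 1] = PACKSTACK(st)[CURPACK(st)];
  CURPACK(st)++;
  PACKSTACK(st)[CURPACK(st)] = pack;
  return 0;
}

static void pack_pop(PackState *st) { if (CURPACK(st) > 0) CURPACK(st)--; }

/* Replays the test's pragma sequence (4x push 1, 3x push 8, pop); returns
 * the final curpack (sane: <= 6); *refused, if non-NULL, = rejected pushes. */
static int replay(int patched, int *refused) {
  PackState st; int i, rej = 0; pack_init(&st);
  for (i = 0; i < 7; i++) {
    uint8_t pack = i < 4 ? 1 : 8;
    if ((patched ? push_after(&st, pack) : push_before(&st, pack)) < 0) rej++;
  }
  pack_pop(&st);
  if (refused) *refused = rej;
  return CURPACK(&st);
}
```

With the old check the seventh push copies slot 6 over the counter byte and the counter ends at 9 before the pop, i.e. past the 7-slot array; with the fixed check that push is refused and the counter stays in range.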