From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <tarantool-patches-bounces@dev.tarantool.org>
Received: from [87.239.111.99] (localhost [127.0.0.1])
	by dev.tarantool.org (Postfix) with ESMTP id 16452A16BAE;
	Thu,  8 Feb 2024 12:40:46 +0300 (MSK)
DKIM-Filter: OpenDKIM Filter v2.11.0 dev.tarantool.org 16452A16BAE
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tarantool.org; s=dev;
	t=1707385246; bh=1AXj1KqFn15qgDH6C6CkUUnstNQXyYamh2HjOcxekLA=;
	h=Date:To:References:In-Reply-To:Subject:List-Id:List-Unsubscribe:
	 List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:Cc:
	 From;
	b=PshZU6eupabp2bWgPdUbGgJqxb/+jfj6VMGEoL5iJOlgBv33SM+Nhe76c0q8YKFIG
	 EBebix49b9BuSCKOkIRbbdo27rfZFp+ANlqY2gge40QZB4zybI3k4fIcm/0gtcRo59
	 6j6En1fPLCXBjRjDXLS5zhq+wOJsTzIVh5XGno78=
Received: from smtp54.i.mail.ru (smtp54.i.mail.ru [95.163.41.89])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
 (No client certificate requested)
 by dev.tarantool.org (Postfix) with ESMTPS id B5FCCA16BAE
 for <tarantool-patches@dev.tarantool.org>;
 Thu,  8 Feb 2024 12:40:44 +0300 (MSK)
DKIM-Filter: OpenDKIM Filter v2.11.0 dev.tarantool.org B5FCCA16BAE
Received: by smtp54.i.mail.ru with esmtpa (envelope-from
 <skaplun@tarantool.org>)
 id 1rY0tf-00000000m2B-2wt7; Thu, 08 Feb 2024 12:40:44 +0300
Date: Thu, 8 Feb 2024 12:36:45 +0300
To: Sergey Bronnikov <sergeyb@tarantool.org>
Message-ID: <ZcSgrYeewHsmD5qY@root>
References: <20240207120648.12416-1-skaplun@tarantool.org>
 <8e9ceb71-4234-4b72-9f76-80f164ca591d@tarantool.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <8e9ceb71-4234-4b72-9f76-80f164ca591d@tarantool.org>
X-Mailru-Src: smtp
X-4EC0790: 10
X-7564579A: 646B95376F6C166E
X-77F55803: 4F1203BC0FB41BD91FEFD63CE1B09916316E0C418293B113AB9044BC056ED5D000894C459B0CD1B957075988F769CF4FDA358AE8BBCD6CF08910ABBCD4BD24FBBE27E01EED00B7C22208A4954BE01924
X-7FA49CB5: FF5795518A3D127A4AD6D5ED66289B5278DA827A17800CE757AEC41D7AA04458EA1F7E6F0F101C67BD4B6F7A4D31EC0BCC500DACC3FED6E28638F802B75D45FF8AA50765F790063715F166F2542EEE4C8638F802B75D45FF36EB9D2243A4F8B5A6FCA7DBDB1FC311F39EFFDF887939037866D6147AF826D8B852BA48945CAB4045EB54666000D032B56AF3802B1369BACC7F00164DA146DAFE8445B8C89999728AA50765F7900637BA939FD1B3BAB99B389733CBF5DBD5E9C8A9BA7A39EFB766F5D81C698A659EA7CC7F00164DA146DA9985D098DBDEAEC8A9FF340AA05FB58CF6B57BC7E6449061A352F6E88A58FB86F5D81C698A659EA7E827F84554CEF5019E625A9149C048EE33AC447995A7AD181150BA43C84913FC3A03B725D353964B0B7D0EA88DDEDAC722CA9DD8327EE4930A3850AC1BE2E735B344165809136645C4224003CC83647689D4C264860C145E
X-C1DE0DAB: 0D63561A33F958A5D37DA77EC70294A75002B1117B3ED696E4A629AE3E4923D0C66B2B37046EC955823CB91A9FED034534781492E4B8EEADBEC81E4AEBD6D2BFBDAD6C7F3747799A
X-C8649E89: 1C3962B70DF3F0ADBF74143AD284FC7177DD89D51EBB7742424CF958EAFF5D571004E42C50DC4CA955A7F0CF078B5EC49A30900B95165D3447DF5779098ECEE9A0C940A29602FA10EF486A2AFD809BCBB5D73E1AB7AA2BEA462D4DAB34C0827B1D7E09C32AA3244CCC3E321F50450C7277DD89D51EBB774201578FFDDC7E7235EA455F16B58544A2557BDE0DD54B3590A5AE236DF995FB59829709634694AABAED6A17656DB59BCAD427812AF56FC65B
X-D57D3AED: 3ZO7eAau8CL7WIMRKs4sN3D3tLDjz0dLbV79QFUyzQ2Ujvy7cMT6pYYqY16iZVKkSc3dCLJ7zSJH7+u4VD18S7Vl4ZUrpaVfd2+vE6kuoey4m4VkSEu530nj6fImhcD4MUrOEAnl0W826KZ9Q+tr5ycPtXkTV4k65bRjmOUUP8cvGozZ33TWg5HZplvhhXbhDGzqmQDTd6OAevLeAnq3Ra9uf7zvY2zzsIhlcp/Y7m53TZgf2aB4JOg4gkr2biojlN/n4z3iVuTY6YS8+pGg4g==
X-DA7885C5: 44D441A9880EB899F255D290C0D534F90E45D6ECF8E8B95B0F479814EF5135433882957D583F6E515B1A4C17EAA7BC4BEF2421ABFA55128DAF83EF9164C44C7E
X-Mailru-Sender: 689FA8AB762F7393590D8C940224AE33AE792BE758AF02CFDF8E8E7E747C9E71F588C1CDB39DA2C1E49D44BB4BD9522A059A1ED8796F048DB274557F927329BE89D5A3BC2B10C37545BD1C3CC395C826B4A721A3011E896F
X-Mras: Ok
Subject: Re: [Tarantool-patches] [PATCH luajit] Avoid out-of-range number of
 results when compiling select(k, ...).
X-BeenThere: tarantool-patches@dev.tarantool.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: Tarantool development patches <tarantool-patches.dev.tarantool.org>
List-Unsubscribe: <https://lists.tarantool.org/mailman/options/tarantool-patches>, 
 <mailto:tarantool-patches-request@dev.tarantool.org?subject=unsubscribe>
List-Archive: <https://lists.tarantool.org/pipermail/tarantool-patches/>
List-Post: <mailto:tarantool-patches@dev.tarantool.org>
List-Help: <mailto:tarantool-patches-request@dev.tarantool.org?subject=help>
List-Subscribe: <https://lists.tarantool.org/mailman/listinfo/tarantool-patches>, 
 <mailto:tarantool-patches-request@dev.tarantool.org?subject=subscribe>
From: Sergey Kaplun via Tarantool-patches <tarantool-patches@dev.tarantool.org>
Reply-To: Sergey Kaplun <skaplun@tarantool.org>
Cc: tarantool-patches@dev.tarantool.org
Errors-To: tarantool-patches-bounces@dev.tarantool.org
Sender: "Tarantool-patches" <tarantool-patches-bounces@dev.tarantool.org>

Hi, Sergey!
Thanks for the review!

On 08.02.24, Sergey Bronnikov wrote:
> Hi, Sergey
> 
> thanks for the patch
> 
> couldn't reproduce a problem by provided test.

As you can see in the test comment, the test failed under ASAN with a
heap buffer overflow. Unfortunately, I didn't come up with an idea of
how to observe the misbehaviour (too long IRs for the trace) without
ASAN.

> 
> What compilation options I've used:
> 
> 
> 1st attempt:
> 
> cmake -S . -B build -DLUA_USE_ASSERT=ON -DLUA_USE_APICHECK=ON
> 
> 
> 2nd attempt:
> 
> CMAKE_BUILD_TYPE="Debug"
> CMAKE_C_COMPILER="clang"
> CMAKE_EXPORT_COMPILE_COMMANDS:BOOL="TRUE"
> LUAJIT_ENABLE_COVERAGE:BOOL="FALSE"
> LUAJIT_ENABLE_GC64:BOOL="TRUE"
> LUAJIT_USE_ASAN:BOOL="FALSE"
> LUAJIT_USE_SYSMALLOC:BOOL="FALSE"
> LUA_USE_APICHECK:BOOL="TRUE"
>    LUA_USE_ASSERT:BOOL="TRUE"
> 
> 
> Sergey
> 
> On 2/7/24 15:06, Sergey Kaplun wrote:

<snipped>

> > +local function varg_frame_wp()
> > +  -- XXX: Need some constant negative value as the first argument
> > +  -- of `select()` when recording the trace.
> > +  -- Also, it should be huge enough to be greater than
> > +  -- `J->maxslot`. The value on the first iteration is ignored.
> > +  -- This will fail under ASAN due to a heap buffer overflow.
> > +  varg_frame(recording and -(LJ_MAX_JSLOTS + 1) or 1)
> > +end

<snipped>

> > +
> > +test:done(true)

-- 
Best regards,
Sergey Kaplun