From: Sergey Bronnikov via Tarantool-patches
Reply-To: Sergey Bronnikov
To: tarantool-patches@dev.tarantool.org, Sergey Kaplun, e.temirgaleev@tarantool.org
Date: Tue, 9 Jun 2026 13:55:53 +0300
Subject: [Tarantool-patches] [PATCH luajit] Prevent sanitizer warnings for lj_tab_new*() and table.new().
X-Mailer: git-send-email 2.43.0
List-Id: Tarantool development patches

From: Mike Pall

Reported by Sergey Bronnikov.

(cherry picked from commit 8f421c81ec6aaae0bcd80e01f4353de200afbbc5)

The Undefined Behaviour Sanitizer [1] produces a warning because the function `lua_createtable()` takes signed integer arguments, but the `lj_tab_new_ah()` was not properly validating or converting these signed values before using them in unsigned arithmetic. The fix changes the signature of `lj_tab_new_ah()` to accept uint32_t directly, and adjusts `lua_createtable()` to cast the incoming signed int values to uint32_t before passing them.

[1]: https://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html

Sergey Bronnikov:
* added the description and the test for the problem

Part of tarantool/tarantool#12480
---
Branch: https://github.com/tarantool/luajit/tree/ligurio/lj-1458-ub-lj_tab_new
Related issues:
- https://github.com/tarantool/tarantool/issues/12480
- https://github.com/LuaJIT/LuaJIT/issues/1458

src/lj_api.c | 2 +- src/lj_tab.c | 4 +-- src/lj_tab.h | 2 +- .../lj-1458-ub-table.new.test.lua | 30 +++++++++++++++++++ 4 files changed, 34 insertions(+), 4 deletions(-) create mode 100644 test/tarantool-tests/lj-1458-ub-table.new.test.lua diff --git a/src/lj_api.c b/src/lj_api.c index 16a1da0e..fc7a589f 100644 --- a/src/lj_api.c +++ b/src/lj_api.c @@ -746,7 +746,7 @@ LUA_API void lua_pushlightuserdata(lua_State *L, void *p) LUA_API void lua_createtable(lua_State *L, int narray, int nrec) { lj_gc_check(L); - settabV(L, L->top, lj_tab_new_ah(L, narray, nrec)); + settabV(L, L->top, lj_tab_new_ah(L, (uint32_t)narray, (uint32_t)nrec)); incr_top(L); } diff --git a/src/lj_tab.c b/src/lj_tab.c index 1d6a4b7f..9e253d03 100644 --- a/src/lj_tab.c +++ b/src/lj_tab.c 
@@ -165,9 +165,9 @@ GCtab *lj_tab_new(lua_State *L, uint32_t asize, uint32_t hbits) } /* The API of this function conforms to lua_createtable(). */ -GCtab *lj_tab_new_ah(lua_State *L, int32_t a, int32_t h) +GCtab *lj_tab_new_ah(lua_State *L, uint32_t a, uint32_t h) { - return lj_tab_new(L, (uint32_t)(a > 0 ? a+1 : 0), hsize2hbits(h)); + return lj_tab_new(L, a ? a+1 : 0, hsize2hbits(h)); } #if LJ_HASJIT diff --git a/src/lj_tab.h b/src/lj_tab.h index 71e34945..77b08678 100644 --- a/src/lj_tab.h +++ b/src/lj_tab.h @@ -34,7 +34,7 @@ static LJ_AINLINE uint32_t hashrot(uint32_t lo, uint32_t hi) #define hsize2hbits(s) ((s) ? ((s)==1 ? 1 : 1+lj_fls((uint32_t)((s)-1))) : 0) LJ_FUNCA GCtab *lj_tab_new(lua_State *L, uint32_t asize, uint32_t hbits); -LJ_FUNC GCtab *lj_tab_new_ah(lua_State *L, int32_t a, int32_t h); +LJ_FUNC GCtab *lj_tab_new_ah(lua_State *L, uint32_t a, uint32_t h); #if LJ_HASJIT LJ_FUNC GCtab * LJ_FASTCALL lj_tab_new1(lua_State *L, uint32_t ahsize); #endif diff --git a/test/tarantool-tests/lj-1458-ub-table.new.test.lua b/test/tarantool-tests/lj-1458-ub-table.new.test.lua new file mode 100644 index 00000000..d0cf6ff5 --- /dev/null +++ b/test/tarantool-tests/lj-1458-ub-table.new.test.lua 
@@ -0,0 +1,30 @@ +local tap = require('tap') + +-- The test file to demonstrate UBSan warning for `table.new()` +-- with a minimal and maximum array and hash parts values. +-- See also: https://github.com/LuaJIT/LuaJIT/issues/1458. +local test = tap.test('lj-1458-ub-table-new') + +test:plan(8) + +local table_new = require('table.new') + +local INT_MAX = 2 ^ 31 - 1 +local INT_MIN = -2 ^ 31 + +local table_sizes = { + { 0, INT_MIN }, + { 0, INT_MAX }, + { INT_MIN, 0 }, + { INT_MAX, 0 }, +} + +for _, case in ipairs(table_sizes) do + local apart, hpart = unpack(case) + local ok, err = pcall(table_new, apart, hpart) + local message = ('table.new(%d, %d)'):format(apart, hpart) + test:is(ok, false, message .. ' is failed') + test:ok(err:match('table overflow'), message .. ' correct error message') +end + +test:done(true) -- 2.43.0
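
Review bot: In the src/lj_api.c hunk, the new `(uint32_t)narray` cast changes what a negative argument to lua_createtable() does, and the commit message does not say so. The removed `a > 0 ? a+1 : 0` mapped every negative `a` to an array size of 0, whereas a negative `narray` now reaches lj_tab_new_ah() as a value of 2^31 or more. The added test expects 'table overflow' for INT_MIN, so the change looks intended; please state it in the commit message, since C API callers that passed a negative size hint used to get an array size of 0.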
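
Review bot: In the src/lj_tab.c hunk, `a ? a+1 : 0` wraps to 0 when `a` is 0xFFFFFFFF, which is what `(uint32_t)narray` yields for narray == -1, so -1 requests an array size of 0 while -2 requests 0xFFFFFFFF. If negative sizes are meant to be rejected uniformly, handle the wrap explicitly and add a -1 case to the test table. The comment above the function, "The API of this function conforms to lua_createtable()", also no longer matches the unsigned signature and could say where the conversion from int happens.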
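
Review bot: In the loop of lj-1458-ub-table.new.test.lua, `err:match('table overflow')` runs even when `pcall` unexpectedly succeeds; `err` is then the table returned by `table.new`, and the method call raises an error rather than recording a failed check, so the plan of 8 is never completed. Guard it, for example `test:ok(not ok and err:match('table overflow'), ...)`. Minor wording: "a minimal and maximum" in the header comment and ' is failed' in the assertion message would read better as "minimum and maximum" and ' fails'.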
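
As an added illustration (not part of the patch or of LuaJIT), the C model below evaluates the two expressions the hunks touch, `a > 0 ? a+1 : 0` and `hsize2hbits()`, for the boundary values from the test plus -1. `fls32()` is an assumed stand-in for `lj_fls()`, and the old signed arithmetic is checked in 64 bits rather than executed.

```c
#include <stdint.h>
#include <stdio.h>

/* Pre-patch `a > 0 ? a+1 : 0` on int32_t: 1 if evaluating it overflows
** a signed 32-bit int (UB). Checked in 64 bits so nothing here is UB. */
static int old_asize_is_ub(int32_t a)
{
  return a > 0 && (int64_t)a + 1 > INT32_MAX;
}

/* Pre-patch `(s)-1` inside hsize2hbits() when s is int32_t. */
static int old_hbits_is_ub(int32_t s)
{
  return s != 0 && s != 1 && (int64_t)s - 1 < INT32_MIN;
}

/* Post-patch `a ? a+1 : 0` on uint32_t: defined, wraps modulo 2^32. */
static uint32_t new_asize(uint32_t a)
{
  return a ? a + 1u : 0;
}

/* Portable stand-in (assumption) for lj_fls(): index of highest set bit. */
static uint32_t fls32(uint32_t x)
{
  uint32_t n = 0;
  while (x >>= 1) n++;
  return n;
}

/* hsize2hbits() from the hunk context, evaluated on uint32_t. */
static uint32_t new_hbits(uint32_t s)
{
  return s ? (s == 1 ? 1 : 1 + fls32(s - 1)) : 0;
}

int main(void)
{
  /* Constructed inputs: the boundary values used by the patch's test, plus -1. */
  const int32_t in[] = { INT32_MAX, INT32_MIN, -1, 0, 5 };
  for (size_t i = 0; i < sizeof(in) / sizeof(in[0]); i++)
    printf("%11d  old UB a:%d h:%d  new asize:%#x hbits:%u\n", (int)in[i],
           old_asize_is_ub(in[i]), old_hbits_is_ub(in[i]),
           (unsigned)new_asize((uint32_t)in[i]), (unsigned)new_hbits((uint32_t)in[i]));
  return 0;
}
```

Only INT_MAX as the array size and INT_MIN as the hash size hit signed overflow in the old expressions; with the unsigned versions every input is defined, and -1 is the one value whose array size wraps back to 0.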