From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from [87.239.111.99] (localhost [127.0.0.1]) by dev.tarantool.org (Postfix) with ESMTP id 19DE15CE0FB; Thu, 31 Aug 2023 14:32:51 +0300 (MSK) DKIM-Filter: OpenDKIM Filter v2.11.0 dev.tarantool.org 19DE15CE0FB DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tarantool.org; s=dev; t=1693481571; bh=/tiD4vXcPmEKRY/YP6ZRuvqJb4EoXC5vBgN9yzionXM=; h=To:Date:In-Reply-To:References:Subject:List-Id:List-Unsubscribe: List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To: From; b=PQFrr5kJqHs50QIOpTDMx37CNrBMPW6ZiQ8QW0qs9a/25TDla5WcjI5arJvo8p7Xy wdfpjP5O9Ch1SAJd7IT1rVlu2G0uhFWPzjELIUYj+9lPjRuLNo1npdpcTj9eFulBd8 i2yEPyRVMMN9L+A+vOtU5cYGec3/7IbIAnA4SWBA= Received: from mail-ed1-f47.google.com (mail-ed1-f47.google.com [209.85.208.47]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by dev.tarantool.org (Postfix) with ESMTPS id 1A4015CE0FB for ; Thu, 31 Aug 2023 14:32:49 +0300 (MSK) DKIM-Filter: OpenDKIM Filter v2.11.0 dev.tarantool.org 1A4015CE0FB Received: by mail-ed1-f47.google.com with SMTP id 4fb4d7f45d1cf-52a4737a08fso829166a12.3 for ; Thu, 31 Aug 2023 04:32:49 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1693481568; x=1694086368; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=7C68Y+vRnyScnJoCMBYoUG2VawZbN8hDshAKO0Ru/PQ=; b=dYjue+rWNyGrjVJdgvmQcqtOwC/SdYb/OTPjyCCOHfoKyoa1tIlwyE7ryvF2diG77I yKHzIRUHiJjYyJ+e0c1mGiX54XcjfnIaxGqFHl3Q9nX/WQBlCD2SDidW5nYVWRF3T9F/ DIgy3cfsnW4S3ljeF6/H0Zna3tlMyfqnreKq0wymEaBRdSin3+wFiNpBzb+yIis3U5e5 GpqmG2YekUxEJ1zz7wQqoaEfjrbWL+aERnXSpYvP+s0dA/tkGuFrEjNecbn8U4mBVq1g eqNz+gLgFNgfuAIlTEP+as7kVHHqHxR8fTHvDvQ0ezRlm0ht3L8g0feglbxEts4Nqx5c 631A== X-Gm-Message-State: AOJu0YxZMCKTngkPoCcL2FIT8nm7BrHGUzQ77JHLdayBEUbVqbTyBU1v 6Hw0ZHdwFmdRfpmxi3caMo7Qvfe/Mug= X-Google-Smtp-Source: AGHT+IFUkruaMw0HYZE144+pmxx0ODbXVIsq35WFLgNUyY8+P/jezbbFm0jRzuynGSmQqs4VVTyL0w== X-Received: by 2002:aa7:d898:0:b0:52a:5848:c674 with SMTP id u24-20020aa7d898000000b0052a5848c674mr4318512edq.12.1693481567653; Thu, 31 Aug 2023 04:32:47 -0700 (PDT) Received: from pony.. ([185.6.247.97]) by smtp.gmail.com with ESMTPSA id t3-20020aa7d4c3000000b0051bed21a635sm678142edr.74.2023.08.31.04.32.37 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 31 Aug 2023 04:32:39 -0700 (PDT) To: tarantool-patches@dev.tarantool.org, Sergey Kaplun , max.kokryashkin@gmail.com Date: Thu, 31 Aug 2023 14:32:14 +0300 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Subject: [Tarantool-patches] [PATCH luajit 2/2][v2] Followup fix for embedded bytecode loader. X-BeenThere: tarantool-patches@dev.tarantool.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Tarantool development patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , From: Sergey Bronnikov via Tarantool-patches Reply-To: Sergey Bronnikov Errors-To: tarantool-patches-bounces@dev.tarantool.org Sender: "Tarantool-patches" From: Sergey Bronnikov (cherry-picked from commit e49863eda13d095b1a78fd4ca0fd3a6a9a17d782) The patch follows up a previous patch and limits the total size of a chunk load by `lua_load` with size `LJ_MAX_BUF - 1`. Sergey Bronnikov: * added the description and the test --- src/lj_lex.c | 1 + test/tarantool-c-tests/lj-549-lua_load.test.c | 134 ++++++++++++++++++ 2 files changed, 135 insertions(+) create mode 100644 test/tarantool-c-tests/lj-549-lua_load.test.c diff --git a/src/lj_lex.c b/src/lj_lex.c index 6291705f..13495c41 100644 --- a/src/lj_lex.c +++ b/src/lj_lex.c @@ -51,6 +51,7 @@ static LJ_NOINLINE LexChar lex_more(LexState *ls) if (sz >= LJ_MAX_BUF) { if (sz != ~(size_t)0) lj_err_mem(ls->L); sz = ~(uintptr_t)0 - (uintptr_t)p; + if (sz >= LJ_MAX_BUF) sz = LJ_MAX_BUF-1; ls->endmark = 1; } ls->pe = p + sz; diff --git a/test/tarantool-c-tests/lj-549-lua_load.test.c b/test/tarantool-c-tests/lj-549-lua_load.test.c new file mode 100644 index 00000000..9baa7a1a --- /dev/null +++ b/test/tarantool-c-tests/lj-549-lua_load.test.c @@ -0,0 +1,134 @@ +#include +#include +#include +#include +#include +#include + +#include +#include +#include + +#include "test.h" +#include "utils.h" + +/* Need for skipcond. */ +#include "lj_arch.h" + +/* Defined in lj_def.h. */ +#define LJ_MAX_MEM32 0x7fffff00 /* Max. 32 bit memory allocation. */ +#define LJ_MAX_BUF LJ_MAX_MEM32 /* Max. buffer length. */ + +/* Defined in lua.h. */ +/* mark for precompiled code (`Lua') */ +#define LUA_SIGNATURE "\033Lua" + +#define UNUSED(x) ((void)(x)) + +/** + * Function generates a huge chunk of "bytecode" with a size bigger than + * LJ_MAX_BUF. Generated chunk must enable endmark in a Lex state. + */ +static const char * +bc_reader_with_endmark(lua_State *L, void *data, size_t *size) +{ + UNUSED(data); + int bc_chunk_size = (size_t)0; + static char *bc_chunk = NULL; + free(bc_chunk); + + bc_chunk = malloc(bc_chunk_size); + assert(bc_chunk != NULL); + + /** + * `lua_load` automatically detects whether the chunk is text or binary, + * and loads it accordingly. We need a trace for bytecode input, + * so it is necessary to deceive a check in lj_lex_setup, that + * makes a sanity check and detects whether input is bytecode or text + * by the first char. Put LUA_SIGNATURE[0] at the beginning of the + * allocated region. + */ + bc_chunk[0] = LUA_SIGNATURE[0]; + + *size = bc_chunk_size; + + return bc_chunk; +} + +static int bc_loader_with_endmark(void *test_state) +{ + lua_State *L = test_state; + void *ud = NULL; + int res = lua_load(L, bc_reader_with_endmark, ud, "endmark"); + + /* + * Make sure we passed the condition with lj_err_mem in the function + * `lex_more`. + */ + assert_true(res != LUA_ERRMEM); + + return TEST_EXIT_SUCCESS; +} + +enum bc_emission_state { + EMIT_BC, + EMIT_EOF, +}; + +typedef struct { + enum bc_emission_state state; +} dt; + +/** + * Function returns a bytecode chunk on the first call and NULL and size equal + * to zero on the second call. Triggers the END_OF_STREAM flag in the function + * `lex_more`. + */ +static const char * +bc_reader_with_eof(lua_State *L, void *data, size_t *size) +{ + UNUSED(data); + UNUSED(L); + dt *test_data = (dt *)data; + if (test_data->state == EMIT_EOF) { + *size = 0; + return NULL; + } + + static char *bc_chunk = NULL; + free(bc_chunk); + + size_t sz = 10; + bc_chunk = malloc(sz); + bc_chunk[0] = LUA_SIGNATURE[0]; + *size = sz; + + return bc_chunk; +} + +static int bc_loader_with_eof(void *test_state) +{ + lua_State *L = test_state; + dt test_data = {0}; + test_data.state = EMIT_BC; + int res = lua_load(L, bc_reader_with_eof, &test_data, "eof"); + assert_true(res = LUA_ERRSYNTAX); + if (res == LUA_OK) { + lua_pcall(L, 0, 0, 0); + } + + return TEST_EXIT_SUCCESS; +} + +int main(void) +{ + lua_State *L = utils_lua_init(); + const struct test_unit tgroup[] = { + test_unit_def(bc_loader_with_endmark), + test_unit_def(bc_loader_with_eof) + }; + + const int test_result = test_run_group(tgroup, L); + utils_lua_close(L); + return test_result; +} -- 2.34.1