Date: Fri, 1 Sep 2023 13:05:11 +0300
From: Maxim Kokryashkin via Tarantool-patches
To: Sergey Bronnikov
Cc: max.kokryashkin@gmail.com, tarantool-patches@dev.tarantool.org
Subject: Re: [Tarantool-patches] [PATCH luajit 2/2][v2] Followup fix for embedded bytecode loader.

On Thu, Aug 31, 2023 at 02:32:14PM +0300, Sergey Bronnikov via Tarantool-patches wrote:
> From: Sergey Bronnikov
>
> (cherry-picked from commit e49863eda13d095b1a78fd4ca0fd3a6a9a17d782)
>
> The patch follows up a previous patch and limits the total size of a
> chunk load by `lua_load` with size `LJ_MAX_BUF - 1`.
>
> Sergey Bronnikov:
> * added the description and the test
> ---
> src/lj_lex.c | 1 +
> test/tarantool-c-tests/lj-549-lua_load.test.c | 134 ++++++++++++++++++
> 2 files changed, 135 insertions(+)
> create mode 100644 test/tarantool-c-tests/lj-549-lua_load.test.c
>
> diff --git a/src/lj_lex.c b/src/lj_lex.c > index 6291705f..13495c41 100644 > --- a/src/lj_lex.c > +++ b/src/lj_lex.c > @@ -51,6 +51,7 @@ static LJ_NOINLINE LexChar lex_more(LexState *ls) > if (sz >= LJ_MAX_BUF) { > if (sz != ~(size_t)0) lj_err_mem(ls->L); > sz = ~(uintptr_t)0 - (uintptr_t)p; > + if (sz >= LJ_MAX_BUF) sz = LJ_MAX_BUF-1; > ls->endmark = 1; > } > ls->pe = p + sz; > diff --git a/test/tarantool-c-tests/lj-549-lua_load.test.c b/test/tarantool-c-tests/lj-549-lua_load.test.c > new file mode 100644 > index 00000000..9baa7a1a > --- /dev/null > +++ b/test/tarantool-c-tests/lj-549-lua_load.test.c 
> @@ -0,0 +1,134 @@ > +#include > +#include > +#include > +#include > +#include > +#include > + > +#include > +#include > +#include > + > +#include "test.h" > +#include "utils.h" > + > +/* Need for skipcond. */ > +#include "lj_arch.h" > + > +/* Defined in lj_def.h. */ > +#define LJ_MAX_MEM32 0x7fffff00 /* Max. 32 bit memory allocation. */ > +#define LJ_MAX_BUF LJ_MAX_MEM32 /* Max. buffer length. */ > + > +/* Defined in lua.h. */ > +/* mark for precompiled code (`Lua') */ > +#define LUA_SIGNATURE "\033Lua" > + > +#define UNUSED(x) ((void)(x)) > + > +/** > + * Function generates a huge chunk of "bytecode" with a size bigger than > + * LJ_MAX_BUF. Generated chunk must enable endmark in a Lex state. > + */ > +static const char * > +bc_reader_with_endmark(lua_State *L, void *data, size_t *size) > +{ > + UNUSED(data); > + int bc_chunk_size = (size_t)0; > + static char *bc_chunk = NULL; > + free(bc_chunk); What's the point of free here? Why the buffer is static? > + > + bc_chunk = malloc(bc_chunk_size); Malloc of zero size doesn't seem to be the thing you wanted to do. > + assert(bc_chunk != NULL); > + > + /** > + * `lua_load` automatically detects whether the chunk is text or binary, > + * and loads it accordingly. We need a trace for bytecode input, > + * so it is necessary to deceive a check in lj_lex_setup, that > + * makes a sanity check and detects whether input is bytecode or text > + * by the first char. Put LUA_SIGNATURE[0] at the beginning of the > + * allocated region. > + */ > + bc_chunk[0] = LUA_SIGNATURE[0]; > + > + *size = bc_chunk_size; > + > + return bc_chunk; > +} > + > +static int bc_loader_with_endmark(void *test_state) > +{ > + lua_State *L = test_state; > + void *ud = NULL; > + int res = lua_load(L, bc_reader_with_endmark, ud, "endmark"); > + > + /* > + * Make sure we passed the condition with lj_err_mem in the function > + * `lex_more`. 
> + */ > + assert_true(res != LUA_ERRMEM); > + > + return TEST_EXIT_SUCCESS; > +} > + > +enum bc_emission_state { > + EMIT_BC, > + EMIT_EOF, > +}; > + > +typedef struct { > + enum bc_emission_state state; > +} dt; > + > +/** > + * Function returns a bytecode chunk on the first call and NULL and size equal > + * to zero on the second call. Triggers the END_OF_STREAM flag in the function > + * `lex_more`. > + */ > +static const char * > +bc_reader_with_eof(lua_State *L, void *data, size_t *size) > +{ > + UNUSED(data); > + UNUSED(L); > + dt *test_data = (dt *)data; > + if (test_data->state == EMIT_EOF) { This section is unreachable, isn't it? > + *size = 0; > + return NULL; > + } > + > + static char *bc_chunk = NULL; > + free(bc_chunk); Ditto. > + > + size_t sz = 10; Is there any reason for it to be exactly 10? Drop a comment. > + bc_chunk = malloc(sz); > + bc_chunk[0] = LUA_SIGNATURE[0]; > + *size = sz; > + > + return bc_chunk; > +} > + > +static int bc_loader_with_eof(void *test_state) > +{ > + lua_State *L = test_state; > + dt test_data = {0}; > + test_data.state = EMIT_BC; > + int res = lua_load(L, bc_reader_with_eof, &test_data, "eof"); > + assert_true(res = LUA_ERRSYNTAX); > + if (res == LUA_OK) { > + lua_pcall(L, 0, 0, 0); > + } > + > + return TEST_EXIT_SUCCESS; > +} > + > +int main(void) > +{ > + lua_State *L = utils_lua_init(); > + const struct test_unit tgroup[] = { > + test_unit_def(bc_loader_with_endmark), > + test_unit_def(bc_loader_with_eof) > + }; > + > + const int test_result = test_run_group(tgroup, L); > + utils_lua_close(L); > + return test_result; > +} > -- > 2.34.1 >
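Review bot: in the `src/lj_lex.c` hunk, the new line `if (sz >= LJ_MAX_BUF) sz = LJ_MAX_BUF-1;` only runs on the end-mark path (the branch where `sz` equals `~(size_t)0` and is recomputed as `~(uintptr_t)0 - (uintptr_t)p`), so what it bounds is the span that `ls->pe = p + sz;` covers for that one reader result, not "the total size of a chunk load by `lua_load`" as the commit message puts it; rewording the message to say the end-mark scan window is capped at `LJ_MAX_BUF - 1` bytes would match the code, and a one-line comment next to the new check explaining why a cap below the computed remaining size is safe once `ls->endmark = 1;` is set would spare the next reader a trip through `lex_more`.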
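Review bot: in the test hunk, `assert_true(res = LUA_ERRSYNTAX);` inside `bc_loader_with_eof` is an assignment rather than a comparison, so the assertion always passes and `res` is overwritten before the `if (res == LUA_OK)` check; it should read `assert_true(res == LUA_ERRSYNTAX);`. In `bc_reader_with_endmark`, `bc_chunk_size` is initialised to `(size_t)0`, so `malloc(bc_chunk_size)` is a zero-byte allocation, the following `bc_chunk[0] = LUA_SIGNATURE[0];` writes past it, and `*size = bc_chunk_size;` then reports an empty chunk, which contradicts the doc comment above the function that promises a chunk bigger than `LJ_MAX_BUF`; the size and the comment need to agree, and the `malloc(sz)` result in `bc_reader_with_eof` should be checked the same way as in the first reader.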