- Subject: Re: Lua 5.4.0-rc5 segfault in low memory conditions
- From: Sergey Zakharchenko <doublef.mobile@...>
- Date: Sun, 14 Jun 2020 16:20:31 +0400
Andrew,
Andrew Gierth <andrew@tao11.riddles.org.uk>:
> I think there are more barriers missing in lundump.c, specifically when
> string values are loaded into the constants vector (and debug vector) of
> a prototype; this needs a barrier (since the prototype might have been
> marked) but I see no sign of one.
Though I'm a bit uneasy sprinkling barriers in so many places where
there used to be none, looks like the attached (updated) patch
mitigates the problem, even for cases of multiple failures on MIPS.
Best regards,
--
DoubleF
--- a/src/lparser.c
+++ b/src/lparser.c
@@ -1977,6 +1977,7 @@ LClosure *luaY_parser (lua_State *L, ZIO *z, Mbuffer *buff,
sethvalue2s(L, L->top, lexstate.h); /* anchor it */
luaD_inctop(L);
funcstate.f = cl->p = luaF_newproto(L);
+ luaC_objbarrier(L, cl, cl->p);
funcstate.f->source = luaS_new(L, name); /* create and anchor TString */
luaC_objbarrier(L, funcstate.f, funcstate.f->source);
lexstate.buff = buff;
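Review bot: The barrier added after `funcstate.f = cl->p = luaF_newproto(L);` carries no comment saying why it is needed, and the same bare call is added after `f->p[i] = luaF_newproto(S->L);` and after `cl->p = luaF_newproto(L);` in the lundump.c hunks. A missing barrier here is a memory-safety problem rather than a tuning detail (the thread reports a segfault under low memory), so the reason is worth recording at each site, e.g. `/* 'cl' may already be marked; the new proto is not */`. The creation and anchoring of `cl` lie outside this hunk, so that wording should be confirmed against the full function.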
--- a/src/lundump.c
+++ b/src/lundump.c
@@ -175,6 +175,7 @@
case LUA_VSHRSTR:
case LUA_VLNGSTR:
setsvalue2n(S->L, o, loadString(S));
+ luaC_objbarrier(S->L, f, tsvalue(o));
break;
default: lua_assert(0);
}
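Review bot: The string barrier is written out at each call site, here after `setsvalue2n(S->L, o, loadString(S));` and again for `locvars[i].varname`, `upvalues[i].name` and `f->source` in the later lundump.c hunks, so a future caller that stores a loaded string into a prototype can omit it and bring the crash back. Consider passing the owning prototype to the loader, for example `static TString *loadStringN (LoadState *S, Proto *p)`, and issuing `luaC_objbarrier(S->L, p, ts);` once inside it when the string is non-NULL. That would also remove the repeated NULL checks at the call sites. The loader definitions and the enclosing function are outside this hunk, so the exact signature has to be settled there.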
@@ -191,6 +192,7 @@
f->p[i] = NULL;
for (i = 0; i < n; i++) {
f->p[i] = luaF_newproto(S->L);
+ luaC_objbarrier(S->L, f, f->p[i]);
loadFunction(S, f->p[i], f->source);
}
}
@@ -230,12 +232,17 @@
f->locvars[i].varname = NULL;
for (i = 0; i < n; i++) {
f->locvars[i].varname = loadStringN(S);
+ if (f->locvars[i].varname)
+ luaC_objbarrier(S->L, f, f->locvars[i].varname);
f->locvars[i].startpc = loadInt(S);
f->locvars[i].endpc = loadInt(S);
}
n = loadInt(S);
- for (i = 0; i < n; i++)
+ for (i = 0; i < n; i++) {
f->upvalues[i].name = loadStringN(S);
+ if (f->upvalues[i].name)
+ luaC_objbarrier(S->L, f, f->upvalues[i].name);
+ }
}
@@ -243,6 +250,8 @@
f->source = loadStringN(S);
if (f->source == NULL) /* no source in dump? */
f->source = psource; /* reuse parent's source */
+ else
+ luaC_objbarrier(S->L, f, f->source);
f->linedefined = loadInt(S);
f->lastlinedefined = loadInt(S);
f->numparams = loadByte(S);
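Review bot: The `f->source = psource;` branch stores a collectable string into `f` with no barrier and no comment saying why none is needed, while the new `else` branch gets one. It looks safe only because the parent prototype still references `psource` (the call in the earlier hunk passes the parent's `f->source`), but that is an inference from the visible lines. A short comment such as `/* parent keeps 'psource' alive; no barrier needed */` would stop a later reader from treating the asymmetry as an oversight. Alternatively, one `if (f->source) luaC_objbarrier(S->L, f, f->source);` after the assignment would cover both branches. The enclosing function, presumably loadFunction, continues outside the hunk.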
@@ -310,6 +319,7 @@
setclLvalue2s(L, L->top, cl);
luaD_inctop(L);
cl->p = luaF_newproto(L);
+ luaC_objbarrier(L, cl, cl->p);
loadFunction(&S, cl->p, NULL);
lua_assert(cl->nupvalues == cl->p->sizeupvalues);
luai_verifycode(L, buff, cl->p);