lua-l archive

I did not test it, but I was thinking something like this:

void luaC_runtilstate (lua_State *L, int statesmask, int nofin) {
  global_State *g = G(L);
  while (!testbit(statesmask, g->gcstate)) {
    if (nofin && g->gcstate == GCScallfin) {
      g->gcstate = GCSpause;  /* skip finalization state */
      if (testbit(statesmask, g->gcstate))

Oh. That's a nice way to patch.
But in some cases such as crash2.lua (or our PoC), collectgarbage("step") calls the finalizer (singlestep) through the incstep function, not through runtilstate. Which means setting the flag only in the luaC_runtilstate function may not be enough.

Actually, I've tried the code you suggested.

The patch is great for handling crash1.lua, but it cannot handle crash2.lua and the Sandbox PoC, as they rely on collectgarbage("step") to trigger the problem.

In short, just using the flag in the runtilstate function cannot handle the problem sufficiently:

Especially in the case of explicitly calling collectgarbage("step"), as the incstep function calls singlestep without runtilstate.

---- [ code of incstep ] ----

static void incstep (lua_State *L, global_State *g) {
  int stepmul = (getgcparam(g->gcstepmul) | 1);  /* avoid division by 0 */
  l_mem debt = (g->GCdebt / WORK2MEM) * stepmul;
  l_mem stepsize = (g->gcstepsize <= log2maxs(l_mem))
                 ? ((cast(l_mem, 1) << g->gcstepsize) / WORK2MEM) * stepmul
                 : MAX_LMEM;  /* overflow; keep maximum value */
  do {  /* repeat until pause or enough "credit" (negative debt) */
    lu_mem work = singlestep(L);  /* perform one single step */
    debt -= work;



And this is the only function that calls singlestep without the runtilstate function.

Suggestion: To solve this problem, we have to fix the incstep function or set the flag in the singlestep function.

What do you think about it?

Thank you.

--Regards, Jihoi.
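The point raised above is that explicit collectgarbage("step") calls reach the finalization state through incstep, not through luaC_runtilstate. The script below is an added example, not code from the thread or from the Lua project, that lets a reader confirm this observable behaviour from plain Lua: it creates an unreferenced object with a __gc metamethod, drives the collector using only collectgarbage("step"), and reports whether the finalizer was invoked on that path. It assumes Lua 5.4 in its default incremental mode; the function name finalizers_run_during_step and the step budget are constructed for this example.

```lua
-- Added example (not from the thread): check whether __gc finalizers are
-- invoked while the collector is driven only by collectgarbage("step"),
-- i.e. through the incstep path rather than a full collectgarbage("collect").
-- Assumes Lua 5.4 in its default incremental GC mode.

local function finalizers_run_during_step(max_steps)
  local ran = 0
  -- Object whose only purpose is to carry a finalizer; with no reference
  -- kept to it, it is garbage as soon as this statement completes.
  setmetatable({}, { __gc = function() ran = ran + 1 end })

  -- Stop automatic collection so that only our explicit step calls advance
  -- the GC; collectgarbage("step") still runs while the collector is stopped.
  collectgarbage("stop")
  local steps, cycle_done = 0, false
  repeat
    -- Step size 0 performs one basic incremental step. The call returns true
    -- when the step finishes a collection cycle.
    cycle_done = collectgarbage("step", 0)
    steps = steps + 1
  until ran > 0 or steps >= max_steps
  collectgarbage("restart")

  return ran > 0, steps, cycle_done
end

local ran, steps, cycle_done = finalizers_run_during_step(100000)
print(string.format("finalizer ran on the step path: %s (after %d steps, cycle finished: %s)",
                    tostring(ran), steps, tostring(cycle_done)))
```

If the finalizer count becomes positive before a full cycle is reported complete, the __gc metamethod was executed from within the stepping loop, which is the path a flag checked only inside luaC_runtilstate never sees.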