Bug (kind of) in 'isinstack'

The function 'isinstack' tried to work around the undefined behavior of subtracting two pointers that do not point to the same object, but the compiler killed to trick. (It optimizes out the safety check, because in a correct execution it will be always true.)
author: Roberto Ierusalimschy <roberto@inf.puc-rio.br> 2021-02-25 13:39:36 -0300
committer: Roberto Ierusalimschy <roberto@inf.puc-rio.br> 2021-02-25 13:39:36 -0300
commit: e0260eb2d4085723302d637dd8f3fca339d18817 (patch)
tree: b9cf6cdaf3c5b3a51c16ef0cf9bb46564e5ce807 /ldebug.c
parent: 5205f073c57ae4b69e90d35c02e3a1a1cca44eb4 (diff)
download: lua-e0260eb2d4085723302d637dd8f3fca339d18817.tar.gz
lua-e0260eb2d4085723302d637dd8f3fca339d18817.tar.bz2
lua-e0260eb2d4085723302d637dd8f3fca339d18817.zip
1 files changed, 10 insertions, 6 deletions
diff --git a/ldebug.c b/ldebug.c
index 603c39fc..8e3657a9 100644
--- a/ldebug.c
+++ b/ldebug.c
@@ -638,14 +638,18 @@ static const char *funcnamefromcode (lua_State *L, CallInfo *ci,
 /*
-** The subtraction of two potentially unrelated pointers is
+** Check whether pointer 'o' points to some value in the stack
-** not ISO C, but it should not crash a program; the subsequent
+** frame of the current function. Because 'o' may not point to a
-** checks are ISO C and ensure a correct result.
+** value in this stack, we cannot compare it with the region
+** boundaries (undefined behaviour in ISO C).
 */
 static int isinstack (CallInfo *ci, const TValue *o) {
-  StkId base = ci->func + 1;
+  StkId pos;
-  ptrdiff_t i = cast(StkId, o) - base;
+  for (pos = ci->func + 1; pos < ci->top; pos++) {
-  return (0 <= i && i < (ci->top - base) && s2v(base + i) == o);
+    if (o == s2v(pos))
+      return 1;
+  }
+  return 0;  /* not found */
 }
author	Roberto Ierusalimschy <roberto@inf.puc-rio.br>	2021-02-25 13:39:36 -0300
committer	Roberto Ierusalimschy <roberto@inf.puc-rio.br>	2021-02-25 13:39:36 -0300
commit	e0260eb2d4085723302d637dd8f3fca339d18817 (patch)
tree	b9cf6cdaf3c5b3a51c16ef0cf9bb46564e5ce807 /ldebug.c
parent	5205f073c57ae4b69e90d35c02e3a1a1cca44eb4 (diff)
download	lua-e0260eb2d4085723302d637dd8f3fca339d18817.tar.gz lua-e0260eb2d4085723302d637dd8f3fca339d18817.tar.bz2 lua-e0260eb2d4085723302d637dd8f3fca339d18817.zip

diff --git a/ldebug.c b/ldebug.c index 603c39fc..8e3657a9 100644 --- a/ldebug.c +++ b/ldebug.c
@@ -638,14 +638,18 @@ static const char funcnamefromcode (lua_State L, CallInfo *ci,
638		638
639		639
640	/*	640	/*
641	** The subtraction of two potentially unrelated pointers is	641	** Check whether pointer 'o' points to some value in the stack
642	** not ISO C, but it should not crash a program; the subsequent	642	** frame of the current function. Because 'o' may not point to a
643	** checks are ISO C and ensure a correct result.	643	** value in this stack, we cannot compare it with the region
		644	** boundaries (undefined behaviour in ISO C).
644	*/	645	*/
645	static int isinstack (CallInfo ci, const TValue o) {	646	static int isinstack (CallInfo ci, const TValue o) {
646	StkId base = ci->func + 1;	647	StkId pos;
647	ptrdiff_t i = cast(StkId, o) - base;	648	for (pos = ci->func + 1; pos < ci->top; pos++) {
648	return (0 <= i && i < (ci->top - base) && s2v(base + i) == o);	649	if (o == s2v(pos))
		650	return 1;
		651	}
		652	return 0; /* not found */
649	}	653	}
650		654
651		655