authorMike Pall <mike>2023-11-12 14:42:24 +0100
committerMike Pall <mike>2023-11-12 14:42:24 +0100
commita4c1640432a9d8a60624cdc8065b15078c228e36 (patch)
treea0c6f0d4fe83927dff1f7042a077631c1bcf52c1
parent65c849390702b1150d52e64db86cbc6b3c98413e (diff)
Add stack check to pcall/xpcall.
Analyzed by Peter Cawley. #1048
-rw-r--r--src/vm_arm.dasc7
-rw-r--r--src/vm_mips.dasc10
-rw-r--r--src/vm_ppc.dasc8
-rw-r--r--src/vm_ppcspe.dasc8
-rw-r--r--src/vm_x86.dasc6
5 files changed, 38 insertions, 1 deletions
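diff --git a/src/vm_arm.dasc b/src/vm_arm.dasc
index 7dae1a53..872de45a 100644
--- a/src/vm_arm.dasc
+++ b/src/vm_arm.dasc
@@ -1155,8 +1155,11 @@ static void build_subroutines(BuildCtx *ctx)
 |//-- Base library: catch errors ----------------------------------------
 |
 |.ffunc pcall
+| ldr RB, L->maxstack
+| add INS, BASE, NARGS8:RC
 | ldrb RA, [DISPATCH, #DISPATCH_GL(hookmask)]
 | cmp NARGS8:RC, #8
+| cmphs RB, INS
 | blo ->fff_fallback
 | tst RA, #HOOK_ACTIVE // Remember active hook before pcall.
 | mov RB, BASE
@@ -1167,7 +1170,11 @@ static void build_subroutines(BuildCtx *ctx)
 | b ->vm_call_dispatch
 |
 |.ffunc_2 xpcall
+| ldr RB, L->maxstack
+| add INS, BASE, NARGS8:RC
 | ldrb RA, [DISPATCH, #DISPATCH_GL(hookmask)]
+| cmp RB, INS
+| blo ->fff_fallback
 | checkfunc CARG4, ->fff_fallback // Traceback must be a function.
 | mov RB, BASE
 | strd CARG12, [BASE, #8] // Swap function and traceback.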
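Review bot: The new stack check in pcall (`ldr RB, L->maxstack` … `cmphs RB, INS` … `blo ->fff_fallback`) carries no comment, although it is the least obvious part of the fast path: the conditional `cmphs` only runs when the preceding `cmp NARGS8:RC, #8` left HS, so one `blo` now covers both "too few args" and "args would exceed L->maxstack". A one-line comment on the compare would keep that from being reordered by accident, e.g. `| cmphs RB, INS // Stack check: BASE+NARGS8 must not exceed L->maxstack, else fall back.`; the plain `cmp RB, INS` in xpcall deserves the same. The equivalent checks added in the vm_mips, vm_ppc, vm_ppcspe and vm_x86 sections of this commit are likewise uncommented and would benefit from the same note. Both pcall and xpcall bodies continue outside the hunks.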
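diff --git a/src/vm_mips.dasc b/src/vm_mips.dasc
index f6f801f2..c4c0a416 100644
--- a/src/vm_mips.dasc
+++ b/src/vm_mips.dasc
@@ -1244,9 +1244,13 @@ static void build_subroutines(BuildCtx *ctx)
 |//-- Base library: catch errors ----------------------------------------
 |
 |.ffunc pcall
+| lw TMP1, L->maxstack
+| addu TMP2, BASE, NARGS8:RC
 | lbu TMP3, DISPATCH_GL(hookmask)(DISPATCH)
 | beqz NARGS8:RC, ->fff_fallback
-| move TMP2, BASE
+|. sltu AT, TMP1, TMP2
+| bnez AT, ->fff_fallback
+|. move TMP2, BASE
 | addiu BASE, BASE, 8
 | // Remember active hook before pcall.
 | srl TMP3, TMP3, HOOK_ACTIVE_SHIFT
@@ -1256,8 +1260,12 @@ static void build_subroutines(BuildCtx *ctx)
 |. addiu NARGS8:RC, NARGS8:RC, -8
 |
 |.ffunc xpcall
+| lw TMP1, L->maxstack
+| addu TMP2, BASE, NARGS8:RC
 | sltiu AT, NARGS8:RC, 16
 | lw CARG4, 8+HI(BASE)
+| sltu TMP1, TMP1, TMP2
+| or AT, AT, TMP1
 | bnez AT, ->fff_fallback
 |. ldc1 FARG2, 8(BASE)
 | ldc1 FARG1, 0(BASE)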
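diff --git a/src/vm_ppc.dasc b/src/vm_ppc.dasc
index 61ebbb04..d6792f2c 100644
--- a/src/vm_ppc.dasc
+++ b/src/vm_ppc.dasc
@@ -1537,8 +1537,12 @@ static void build_subroutines(BuildCtx *ctx)
 |//-- Base library: catch errors ----------------------------------------
 |
 |.ffunc pcall
+| lwz TMP1, L->maxstack
+| add TMP2, BASE, NARGS8:RC
 | cmplwi NARGS8:RC, 8
 | lbz TMP3, DISPATCH_GL(hookmask)(DISPATCH)
+| cmplw cr1, TMP1, TMP2
+| cror 4*cr0+lt, 4*cr0+lt, 4*cr1+lt
 | blt ->fff_fallback
 | mr TMP2, BASE
 | la BASE, 8(BASE)
@@ -1549,9 +1553,13 @@ static void build_subroutines(BuildCtx *ctx)
 | b ->vm_call_dispatch
 |
 |.ffunc xpcall
+| lwz TMP1, L->maxstack
+| add TMP2, BASE, NARGS8:RC
 | cmplwi NARGS8:RC, 16
 | lwz CARG4, 8(BASE)
+| cmplw cr1, TMP1, TMP2
 | lfd FARG2, 8(BASE)
+| cror 4*cr0+lt, 4*cr0+lt, 4*cr1+lt
 | lfd FARG1, 0(BASE)
 | blt ->fff_fallback
 | lbz TMP1, DISPATCH_GL(hookmask)(DISPATCH)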
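diff --git a/src/vm_ppcspe.dasc b/src/vm_ppcspe.dasc
index c4a44191..ea33c08b 100644
--- a/src/vm_ppcspe.dasc
+++ b/src/vm_ppcspe.dasc
@@ -1184,8 +1184,12 @@ static void build_subroutines(BuildCtx *ctx)
 |//-- Base library: catch errors ----------------------------------------
 |
 |.ffunc pcall
+| lwz TMP1, L->maxstack
+| add TMP2, BASE, NARGS8:RC
 | cmplwi NARGS8:RC, 8
 | lbz TMP3, DISPATCH_GL(hookmask)(DISPATCH)
+| cmplw cr1, TMP1, TMP2
+| cror 4*cr0+lt, 4*cr0+lt, 4*cr1+lt
 | blt ->fff_fallback
 | mr TMP2, BASE
 | la BASE, 8(BASE)
@@ -1196,8 +1200,12 @@ static void build_subroutines(BuildCtx *ctx)
 | b ->vm_call_dispatch
 |
 |.ffunc_2 xpcall
+| lwz TMP1, L->maxstack
+| add TMP2, BASE, NARGS8:RC
 | lbz TMP3, DISPATCH_GL(hookmask)(DISPATCH)
 | mr TMP2, BASE
+| cmplw TMP1, TMP2
+| blt ->fff_fallback
 | checkfunc CARG2 // Traceback must be a function.
 | checkfail ->fff_fallback
 | la BASE, 16(BASE)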
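Review bot: In the xpcall hunk the new stack check cannot fire: the unchanged `mr TMP2, BASE` (new line 1206) overwrites the `add TMP2, BASE, NARGS8:RC` result before `cmplw TMP1, TMP2` reads it, so the compare is L->maxstack against BASE rather than against BASE+NARGS8, and `blt ->fff_fallback` is effectively dead — xpcall on this port keeps the unchecked argument range the commit sets out to close. The pcall hunk above is ordered correctly (compare, then `mr TMP2, BASE`), so the same order should be used here: `| cmplw TMP1, TMP2` directly after the `lbz TMP3, ...` load, followed by `| mr TMP2, BASE` and `| blt ->fff_fallback`. The xpcall body continues past the end of the hunk.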
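diff --git a/src/vm_x86.dasc b/src/vm_x86.dasc
index 56712f90..811d5e75 100644
--- a/src/vm_x86.dasc
+++ b/src/vm_x86.dasc
@@ -1720,6 +1720,9 @@ static void build_subroutines(BuildCtx *ctx)
 |//-- Base library: catch errors ----------------------------------------
 |
 |.ffunc_1 pcall
+| mov L:RB, SAVE_L
+| lea RA, [BASE+NARGS:RD*8]
+| cmp RA, L:RB->maxstack; ja ->fff_fallback
 | lea RA, [BASE+8]
 | sub NARGS:RD, 1
 | mov PC, 8+FRAME_PCALL
@@ -1731,6 +1734,9 @@ static void build_subroutines(BuildCtx *ctx)
 | jmp ->vm_call_dispatch
 |
 |.ffunc_2 xpcall
+| mov L:RB, SAVE_L
+| lea RA, [BASE+NARGS:RD*8]
+| cmp RA, L:RB->maxstack; ja ->fff_fallback
 | cmp dword [BASE+12], LJ_TFUNC; jne ->fff_fallback
 | mov RB, [BASE+4] // Swap function and traceback.
 | mov [BASE+12], RB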