tarantool
/
luajit
/
6109128487
88%
tarantool/master: 93%
tarantool/master: 93%
|
Ran
|
Jobs
1
|
Files
89
|
Run time
4s
|
Badge
Embed ▾
README BADGES
|
coverage: 88.167% (+0.1%) from 88.047%
push
github
igormunkinFix predict_next() in parser (again). Reported by Sergey Bronnikov. (cherry picked from commit 309fb42b8) The following Lua snippet triggers out-of-boundary access to a stack: ``` a, b, c = 1, 2, 3 local d for _ in nil do end ``` During the execution of this snippet with LuaJIT instrumented by ASAN, it leads to a heap-based buffer overflow. In function `predict_next()` variable `exprpc` looks forward and expects extra bytecodes on the stack. However, `KPRI` is merged to `KNIL` and there is no new bytecode to add, so `exprpc == fs->bclim`, and it leads to out-of-boundary access. Issue has been fixed by an early return when `pc >= fs->bclim`. Sergey Bronnikov: * added the description and the test for the problem Part of tarantool/tarantool#8825
5335 of 5969 branches covered (0.0%)
Branch coverage included in aggregate %.
20459 of 23287 relevant lines covered (87.86%)
1285815.48 hits per line
Uncovered Existing Lines
| Lines | Coverage | ∆ | File |
|---|---|---|---|
| 1 |
95.64 |
-0.05% | src/lj_record.c |
| 2 |
91.11 |
-0.32% | src/lj_alloc.c |
| 6 |
88.38 |
0.25% | src/lj_ffrecord.c |
| 6 |
82.22 |
17.78% | src/lj_sysprof.c |
| 7 |
75.14 |
-0.63% | src/lj_opt_fold.c |
Jobs
| ID | Job ID | Ran | Files | Coverage | |
|---|---|---|---|---|---|
| 1 | 6109128487.1 | 89 |
88.17 |
GitHub Action Run |
