tarantool / luajit / 11349070883 / 1

93%

tarantool/master: 93%

push

github

FFI: Fix __tostring metamethod access to enum cdata value.

Thanks to Sergey Kaplun.

(cherry picked from commit f2a1cd432)

On a 64-bit host, `*(uint32_t **)p` (in the
`lj_cf_ffi_meta___tostring()`) is the read of 8 bytes, while the size of
the cdata tail for the enum is only 4. This leads to heap-buffer-overflow
during the call of `tostring()` on the corresponding cdata.

This patch fixes the pointer cast to `(uint32_t *)p`, which is correct.

Sergey Kaplun:
* added the description and the test for the problem

Part of tarantool/tarantool#10199

Reviewed-by: Sergey Bronnikov <sergeyb@tarantool.org>
Reviewed-by: Maxim Kokryashkin <m.kokryashkin@tarantool.org>
Signed-off-by: Sergey Kaplun <skaplun@tarantool.org>

5683 of 6027 branches covered (94.29%)

Branch coverage included in aggregate %.

21658 of 23435 relevant lines covered (92.42%)

2964407.67 hits per line