From 046129dbdda5261c1b17469a2895a113d14c070a Mon Sep 17 00:00:00 2001
From: Mike Pall
Date: Tue, 27 Feb 2018 23:02:23 +0100
Subject: [PATCH 1/6] Fix rechaining of pseudo-resurrected string keys.
This is a serious bug. But extremely hard to reproduce, so it went undetected for 8 years. One needs two resurrections with different main nodes, which are both in a hash chain which gets relinked on key insertion where the colliding node is in a non-main position. Phew. Thanks to lbeiming.
---
 src/lj_tab.c | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
diff --git a/src/lj_tab.c b/src/lj_tab.c
index 50f447e8..f2f3c0b0 100644
--- a/src/lj_tab.c
+++ b/src/lj_tab.c
@@ -457,6 +457,29 @@ TValue *lj_tab_newkey(lua_State *L, GCtab *t, cTValue *key)
 freenode->next = nn->next;
 nn->next = n->next;
 setmref(n->next, nn);
+ /* ** Rechaining a resurrected string key creates a new dilemma: ** Another string key may have originally been resurrected via ** _any_ of the previous nodes as a chain anchor. Including ** a node that had to be moved, which makes them unreachable. ** It's not feasible to check for all previous nodes, so rechain ** any string key that's currently in a non-main positions. */
+ while ((nn = nextnode(freenode))) {
+ if (tvisstr(&nn->key) && !tvisnil(&nn->val)) {
+ Node *mn = hashstr(t, strV(&nn->key));
+ if (mn != freenode) {
+ freenode->next = nn->next;
+ nn->next = mn->next;
+ setmref(mn->next, nn);
+ } else {
+ freenode = nn;
+ }
+ } else {
+ freenode = nn;
+ }
+ }
+ break;
 } else {
 freenode = nn;
 }
From 02b521981a1ab919ff2cd4d9bcaee80baf77dce2 Mon Sep 17 00:00:00 2001
From: Mike Pall
Date: Sun, 22 Apr 2018 13:27:25 +0200
Subject: [PATCH 2/6] FFI: Add tonumber() specialization for failed conversions.
Contributed by Javier Guerra Giraldez.
---
 src/lj_crecord.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/src/lj_crecord.c b/src/lj_crecord.c
index 84fc49ee..bc88d635 100644
--- a/src/lj_crecord.c
+++ b/src/lj_crecord.c
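Review bot: The last line of the new comment block has a number-agreement slip, `** any string key that's currently in a non-main positions.` should read `** any string key that's currently in a non-main position.`. The new `while` also repeats `freenode = nn;` in two `else` branches; folding the `hashstr` test into the outer condition leaves a single advance branch, e.g. `Node *mn; if (tvisstr(&nn->key) && !tvisnil(&nn->val) && (mn = hashstr(t, strV(&nn->key))) != freenode) { ... } else { freenode = nn; }`. Since this walk can relink a key behind a node that lies later in the same chain (after `mn`), that key appears to be visited a second time and then left in place because `mn == freenode` on the revisit; a short comment stating that this is why the loop still terminates would save the next reader the same analysis. The enclosing `lj_tab_newkey` and the outer rechain loop this code sits in both start and end outside the hunk.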
@@ -1661,6 +1661,8 @@ void LJ_FASTCALL lj_crecord_tonumber(jit_State *J, RecordFFData *rd)
 d = ctype_get(cts, CTID_DOUBLE);
 J->base[0] = crec_ct_tv(J, d, 0, J->base[0], &rd->argv[0]);
 } else {
+ /* Specialize to the ctype that couldn't be converted. */
+ argv2cdata(J, J->base[0], &rd->argv[0]);
 J->base[0] = TREF_NIL;
 }
 }
From cf7a0540a3a9f80fc729211eb21d1e9b72acc89c Mon Sep 17 00:00:00 2001
From: Mike Pall
Date: Wed, 25 Apr 2018 12:07:08 +0200
Subject: [PATCH 3/6] Bump copyright date to 2018.
---
 doc/bluequad-print.css | 2 +-
 doc/bluequad.css | 2 +-
 doc/changes.html | 5 ++---
 doc/contact.html | 7 +++----
 doc/ext_c_api.html | 5 ++---
 doc/ext_ffi.html | 5 ++---
 doc/ext_ffi_api.html | 5 ++---
 doc/ext_ffi_semantics.html | 5 ++---
 doc/ext_ffi_tutorial.html | 5 ++---
 doc/ext_jit.html | 5 ++---
 doc/extensions.html | 5 ++---
 doc/faq.html | 5 ++---
 doc/install.html | 5 ++---
 doc/luajit.html | 7 +++----
 doc/running.html | 5 ++---
 doc/status.html | 5 ++---
 16 files changed, 32 insertions(+), 46 deletions(-)
diff --git a/doc/bluequad-print.css b/doc/bluequad-print.css
index 62e1c165..d5a3ea3a 100644
--- a/doc/bluequad-print.css
+++ b/doc/bluequad-print.css
@@ -1,4 +1,4 @@
-/* Copyright (C) 2004-2017 Mike Pall.
+/* Copyright (C) 2004-2018 Mike Pall.
 *
 * You are welcome to use the general ideas of this design for your own sites.
 * But please do not steal the stylesheet, the layout or the color scheme.
diff --git a/doc/bluequad.css b/doc/bluequad.css
index be2c4bf2..cfc889af 100644
--- a/doc/bluequad.css
+++ b/doc/bluequad.css
@@ -1,4 +1,4 @@
-/* Copyright (C) 2004-2017 Mike Pall.
+/* Copyright (C) 2004-2018 Mike Pall.
 *
 * You are welcome to use the general ideas of this design for your own sites.
 * But please do not steal the stylesheet, the layout or the color scheme.
diff --git a/doc/changes.html b/doc/changes.html
index 4a4d4fb9..c1848e8e 100644
--- a/doc/changes.html
+++ b/doc/changes.html
@@ -3,8 +3,7 @@ LuaJIT Change History - - +
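Review bot: The return value of `argv2cdata(J, J->base[0], &rd->argv[0]);` is discarded, so the call exists only for a side effect its name does not advertise, and the comment above it should name that effect; something like `/* argv2cdata is called only for the CTypeID guard it emits: a trace that yields nil for this ctype must not be reused for a cdata whose ctype does convert. */` makes the intent checkable by the next reader. That the guard is emitted inside `argv2cdata` is inferred from the commit title rather than shown in the hunk, so the wording should be confirmed against its definition. If `argv2cdata` can raise a trace error for a non-cdata argument, that is acceptable here only if this `else` branch is reached solely for cdata that failed conversion, which the condition above the hunk must establish. `lj_crecord_tonumber` starts outside the hunk.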
@@ -1010,7 +1009,7 @@ This is the initial non-public release of LuaJIT.