gh-mirror/mikepaul-LuaJIT
1
0
Fork 0
mirror of https://github.com/LuaJIT/LuaJIT.git synced 2025-02-07 15:14:08 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Handle partial snapshot restore due to stack overflow.

Browse Source 
Reported by pwnhacker0x18. Fixed by Peter Cawley. #1196
This commit is contained in:
Mike Pall 2024-07-03 21:42:21 +02:00
parent 4a22050df9
commit 811c5322c8
2 changed files with 9 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/lj_debug.c
View File

@ -102,9 +102,12 @@ static BCPos debug_framepc(lua_State *L, GCfunc *fn, cTValue *nextframe)
pos = proto_bcpos(pt, ins) - 1; pos = proto_bcpos(pt, ins) - 1;
#if LJ_HASJIT #if LJ_HASJIT
if (pos > pt->sizebc) { /* Undo the effects of lj_trace_exit for JLOOP. */ if (pos > pt->sizebc) { /* Undo the effects of lj_trace_exit for JLOOP. */
GCtrace *T = (GCtrace *)((char *)(ins-1) - offsetof(GCtrace, startins)); if (bc_isret(bc_op(ins[-1]))) {
lua_assert(bc_isret(bc_op(ins[-1]))); GCtrace *T = (GCtrace *)((char *)(ins-1) - offsetof(GCtrace, startins));
pos = proto_bcpos(pt, mref(T->startpc, const BCIns)); pos = proto_bcpos(pt, mref(T->startpc, const BCIns));
} else {
pos = NO_BCPOS; /* Punt in case of stack overflow. */
}
} }
#endif #endif
return pos; return pos;

4
src/lj_trace.c
View File

@ -788,8 +788,10 @@ int LJ_FASTCALL lj_trace_exit(jit_State *J, void *exptr)
exd.J = J; exd.J = J;
exd.exptr = exptr; exd.exptr = exptr;
errcode = lj_vm_cpcall(L, NULL, &exd, trace_exit_cp); errcode = lj_vm_cpcall(L, NULL, &exd, trace_exit_cp);
if (errcode) if (errcode) {
setcframe_pc(cframe_raw(L->cframe), L); /* Point to any valid memory. */
return -errcode; /* Return negated error code. */ return -errcode; /* Return negated error code. */
}
lj_vmevent_send(L, TEXIT, lj_vmevent_send(L, TEXIT,
lj_state_checkstack(L, 4+RID_NUM_GPR+RID_NUM_FPR+LUA_MINSTACK); lj_state_checkstack(L, 4+RID_NUM_GPR+RID_NUM_FPR+LUA_MINSTACK);