From ac42037db0ea0e0c8f4934b5103db522ab405129 Mon Sep 17 00:00:00 2001
From: Mike Pall
Date: Sun, 24 Apr 2016 17:32:12 +0200
Subject: [PATCH] Constrain value range of lj_ir_kptr() to unsigned 32 bit pointers.

Thanks to Peter Cawley.
---
 src/lj_ffrecord.c | 8 +-------
 src/lj_ir.c       | 2 +-
 src/lj_obj.h      | 8 ++++++--
 src/lj_record.c   | 7 +------
 4 files changed, 9 insertions(+), 16 deletions(-)

diff --git a/src/lj_ffrecord.c b/src/lj_ffrecord.c
index a960ea50..942ecdb2 100644
--- a/src/lj_ffrecord.c
+++ b/src/lj_ffrecord.c
@@ -104,7 +104,6 @@ static void recff_stitch(jit_State *J)
   TValue *base = L->base;
   const BCIns *pc = frame_pc(base-1);
   TValue *pframe = frame_prevl(base-1);
-  TRef trcont;
 
   lua_assert(!LJ_FR2);  /* TODO_FR2: handle frame shift. */
   /* Move func + args up in Lua stack and insert continuation. */
@@ -118,12 +117,7 @@ static void recff_stitch(jit_State *J)
 
   /* Ditto for the IR. */
   memmove(&J->base[1], &J->base[-1], sizeof(TRef)*(J->maxslot+1));
-#if LJ_64
-  trcont = lj_ir_kptr(J, (void *)((int64_t)cont-(int64_t)lj_vm_asm_begin));
-#else
-  trcont = lj_ir_kptr(J, (void *)cont);
-#endif
-  J->base[0] = trcont | TREF_CONT;
+  J->base[0] = lj_ir_kptr(J, contptr(cont)) | TREF_CONT;
   J->ktracep = lj_ir_k64_reserve(J);
   lua_assert(irt_toitype_(IRT_P64) == LJ_TTRACE);
   J->base[-1] = emitir(IRT(IR_XLOAD, IRT_P64), lj_ir_kptr(J, &J->ktracep->gcr), 0);
diff --git a/src/lj_ir.c b/src/lj_ir.c
index 63c98254..b4087aa7 100644
--- a/src/lj_ir.c
+++ b/src/lj_ir.c
@@ -345,7 +345,7 @@ TRef lj_ir_kptr_(jit_State *J, IROp op, void *ptr)
 {
   IRIns *ir, *cir = J->cur.ir;
   IRRef ref;
-  lua_assert((void *)(intptr_t)i32ptr(ptr) == ptr);
+  lua_assert((void *)(uintptr_t)u32ptr(ptr) == ptr);
   for (ref = J->chain[op]; ref; ref = cir[ref].prev)
     if (mref(cir[ref].ptr, void) == ptr)
       goto found;
diff --git a/src/lj_obj.h b/src/lj_obj.h
index 059eb132..25da9455 100644
--- a/src/lj_obj.h
+++ b/src/lj_obj.h
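Review bot: The new range check in lj_ir_kptr_ is a lua_assert, so the "unsigned 32-bit pointer" constraint this commit introduces is enforced only in assertion-enabled builds; in a release build a pointer above 4 GiB passes the line unchecked and is presumably narrowed wherever the constant is stored (that store is outside the hunk). Callers must therefore uphold the precondition themselves, which is what contptr() does for continuations, but nothing at the function documents it. I would add above the assert: `/* ptr must be representable as an unsigned 32-bit value (see contptr()); only checked in debug builds. */`. u32ptr is not defined in this diff; it reads as the unsigned companion of the i32ptr it replaces, presumably from lj_def.h. lj_ir_kptr_'s body continues past the hunk.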
@@ -843,12 +843,16 @@ static LJ_AINLINE void setlightudV(TValue *o, void *p)
 #endif
 
 #if LJ_FR2
-#define setcont(o, f)	((o)->u64 = (uint64_t)(uintptr_t)(void *)(f))
+#define contptr(f)	((void *)(f))
+#define setcont(o, f)	((o)->u64 = (uint64_t)(uintptr_t)contptr(f))
 #elif LJ_64
+#define contptr(f) \
+  ((void *)(uintptr_t)(uint32_t)((intptr_t)(f) - (intptr_t)lj_vm_asm_begin))
 #define setcont(o, f) \
   ((o)->u64 = (uint64_t)(void *)(f) - (uint64_t)lj_vm_asm_begin)
 #else
-#define setcont(o, f)	setlightudV((o), (void *)(f))
+#define contptr(f)	((void *)(f))
+#define setcont(o, f)	setlightudV((o), contptr(f))
 #endif
 
 #define tvchecklive(L, o) \
diff --git a/src/lj_record.c b/src/lj_record.c
index 306a85cb..8a72b0c9 100644
--- a/src/lj_record.c
+++ b/src/lj_record.c
@@ -882,12 +882,7 @@ void lj_record_ret(jit_State *J, BCReg rbase, ptrdiff_t gotresults)
 static BCReg rec_mm_prep(jit_State *J, ASMFunction cont)
 {
   BCReg s, top = cont == lj_cont_cat ? J->maxslot : curr_proto(J->L)->framesize;
-#if LJ_64
-  TRef trcont = lj_ir_kptr(J, (void *)((int64_t)cont-(int64_t)lj_vm_asm_begin));
-#else
-  TRef trcont = lj_ir_kptr(J, (void *)cont);
-#endif
-  J->base[top] = trcont | TREF_CONT;
+  J->base[top] = lj_ir_kptr(J, contptr(cont)) | TREF_CONT;
   J->framedepth++;
   for (s = J->maxslot; s < top; s++)
     J->base[s] = 0;  /* Clear frame gap to avoid resurrecting previous refs. */
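Review bot: The LJ_64 contptr() silently narrows the continuation offset with `(uint32_t)`, and nothing at the macro says why no bits can be lost; a reader checking the new u32ptr assert in lj_ir_kptr_ has to work out on their own that continuations are addressed relative to lj_vm_asm_begin. I would put above it: `/* Continuations live in the VM asm blob, so their offset from lj_vm_asm_begin fits in 32 bits, which is what lj_ir_kptr() now requires. */`. Note also that setcont() in this same branch still computes the full 64-bit difference instead of going through contptr() as the LJ_FR2 and 32-bit branches now do; if the offset is always non-negative and below 2^32 the stored values agree, but the asymmetry deserves a sentence in the commit message or a comment. The whole #if chain is inside the hunk.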
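Review bot: rec_mm_prep() now hands contptr(cont) to lj_ir_kptr() with no guard for the LJ_FR2 configuration, where contptr(f) is the raw pointer (see the lj_obj.h hunk) and is not reduced to an offset from lj_vm_asm_begin; whether that satisfies the u32ptr assertion added in lj_ir_kptr_ depends on how lj_ir_kptr is defined for that configuration, which this diff does not show. recff_stitch() makes the same call under `lua_assert(!LJ_FR2)`, while rec_mm_prep() has no such statement, so if the FR2 path is not meant to be recorded yet the constraint should be stated here too, e.g. `lua_assert(!LJ_FR2);  /* TODO_FR2: continuation pointer must satisfy lj_ir_kptr()'s 32-bit range. */`. rec_mm_prep()'s body continues past the hunk.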