Skip to content

Commit

Permalink
lua: add flex array field to TString type
Browse files Browse the repository at this point in the history
Linux 6.10+ with CONFIG_FORTIFY_SOURCE notices memcpy() accessing past
the end of TString, because it has no indication that there there may be
an additional allocation there.

There's no appropriate upstream change for this (ancient) version of
Lua, so this is the narrowest change I could come up with to add a flex
array field to the end of TString to satisfy the check. It's loosely
based on changes from lua/lua@ca41b43f and lua/lua@9514abc2.

Sponsored-by: https://despairlabs.com/sponsor/
Reviewed-by: Alexander Motin <mav@FreeBSD.org>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Rob Norris <robn@despairlabs.com>
Closes openzfs#16541
Closes openzfs#16583
  • Loading branch information
robn authored and darkbasic committed Oct 27, 2024
1 parent ccf64c2 commit 1480930
Show file tree
Hide file tree
Showing 4 changed files with 15 additions and 12 deletions.
21 changes: 12 additions & 9 deletions module/lua/lobject.h
Original file line number Diff line number Diff line change
Expand Up @@ -404,19 +404,22 @@ typedef TValue *StkId; /* index to stack elements */
/*
** Header for string value; string bytes follow the end of this structure
*/
typedef union TString {
L_Umaxalign dummy; /* ensures maximum alignment for strings */
struct {
CommonHeader;
lu_byte extra; /* reserved words for short strings; "has hash" for longs */
unsigned int hash;
size_t len; /* number of characters in string */
} tsv;
typedef struct TString {
union {
L_Umaxalign dummy; /* ensures maximum alignment for strings */
struct {
CommonHeader;
lu_byte extra; /* reserved words for short strings; "has hash" for longs */
unsigned int hash;
size_t len; /* number of characters in string */
} tsv;
};
char contents[];
} TString;


/* get the actual string (array of bytes) from a TString */
#define getstr(ts) cast(const char *, (ts) + 1)
#define getstr(ts) ((ts)->contents)

/* get the actual string (array of bytes) from a Lua value */
#define svalue(o) getstr(rawtsvalue(o))
Expand Down
2 changes: 1 addition & 1 deletion module/lua/lstate.h
Original file line number Diff line number Diff line change
Expand Up @@ -185,7 +185,7 @@ struct lua_State {
*/
union GCObject {
GCheader gch; /* common header */
union TString ts;
struct TString ts;
union Udata u;
union Closure cl;
struct Table h;
Expand Down
2 changes: 1 addition & 1 deletion module/lua/lstring.c
Original file line number Diff line number Diff line change
Expand Up @@ -103,7 +103,7 @@ static TString *createstrobj (lua_State *L, const char *str, size_t l,
ts->tsv.len = l;
ts->tsv.hash = h;
ts->tsv.extra = 0;
sbuf = (char *)(TString *)(ts + 1);
sbuf = ts->contents;
memcpy(sbuf, str, l*sizeof(char));
sbuf[l] = '\0'; /* ending 0 */
return ts;
Expand Down
2 changes: 1 addition & 1 deletion module/lua/lstring.h
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@
#include "lstate.h"


#define sizestring(s) (sizeof(union TString)+((s)->len+1)*sizeof(char))
#define sizestring(s) (sizeof(struct TString)+((s)->len+1)*sizeof(char))

#define sizeudata(u) (sizeof(union Udata)+(u)->len)

Expand Down

0 comments on commit 1480930

Please sign in to comment.