1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-11-30 08:19:09 +00:00

lua: add flex array field to TString type

Linux 6.10+ with CONFIG_FORTIFY_SOURCE notices memcpy() accessing past
the end of TString, because it has no indication that there there may be
an additional allocation there.

There's no appropriate upstream change for this (ancient) version of
Lua, so this is the narrowest change I could come up with to add a flex
array field to the end of TString to satisfy the check. It's loosely
based on changes from lua/lua@ca41b43f and lua/lua@9514abc2.

Sponsored-by: https://despairlabs.com/sponsor/
Reviewed-by: Alexander Motin <mav@FreeBSD.org>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Rob Norris <robn@despairlabs.com>
Closes #16541
Closes #16583
This commit is contained in:
Rob Norris 2024-10-01 03:30:03 +10:00 committed by GitHub
parent 5591505299
commit c84a37ae93
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 15 additions and 12 deletions

View File

@ -404,7 +404,8 @@ typedef TValue *StkId; /* index to stack elements */
/*
** Header for string value; string bytes follow the end of this structure
*/
typedef union TString {
typedef struct TString {
union {
L_Umaxalign dummy; /* ensures maximum alignment for strings */
struct {
CommonHeader;
@ -412,11 +413,13 @@ typedef union TString {
unsigned int hash;
size_t len; /* number of characters in string */
} tsv;
};
char contents[];
} TString;
/* get the actual string (array of bytes) from a TString */
#define getstr(ts) cast(const char *, (ts) + 1)
#define getstr(ts) ((ts)->contents)
/* get the actual string (array of bytes) from a Lua value */
#define svalue(o) getstr(rawtsvalue(o))

View File

@ -185,7 +185,7 @@ struct lua_State {
*/
union GCObject {
GCheader gch; /* common header */
union TString ts;
struct TString ts;
union Udata u;
union Closure cl;
struct Table h;

View File

@ -103,7 +103,7 @@ static TString *createstrobj (lua_State *L, const char *str, size_t l,
ts->tsv.len = l;
ts->tsv.hash = h;
ts->tsv.extra = 0;
sbuf = (char *)(TString *)(ts + 1);
sbuf = ts->contents;
memcpy(sbuf, str, l*sizeof(char));
sbuf[l] = '\0'; /* ending 0 */
return ts;

View File

@ -12,7 +12,7 @@
#include "lstate.h"
#define sizestring(s) (sizeof(union TString)+((s)->len+1)*sizeof(char))
#define sizestring(s) (sizeof(struct TString)+((s)->len+1)*sizeof(char))
#define sizeudata(u) (sizeof(union Udata)+(u)->len)