#7 add fix for doublefree in luac: rhbz#2111138
Merged 2 months ago by spot. Opened 2 months ago by cra.
From rpms/cra/lua (branch rawhide) into rawhide

@@ -0,0 +1,56 @@ 

+ http://lua-users.org/lists/lua-l/2022-02/msg00112.html

+ 

+ Subject: Bug in luac (Lua 5.4.4)?

+ From: Marc Balmer <marc@...>

+ Date: Sat, 26 Feb 2022 12:59:16 +0100

+ 

+ I think there is a regression in luac that was introduced in Lua 5.4.4:

+ 

+ We compile several files into a single output file like so

+ 

+ luac -o agenda.luac agenda.lua entry.lua guide.lua location.lua

+ 

+ Up to Lua 5.4.3 there was no issue.  Now with Lua 5.4.4 we get a malloc/free error:

+ 

+ luac -o agenda.luac agenda.lua entry.lua guide.lua location.lua

+ luac(27853,0x107171600) malloc: *** error for object 0x600001044170: pointer being freed was not allocated

+ luac(27853,0x107171600) malloc: *** set a breakpoint in malloc_error_break to debug

+ make: *** [agenda.ext] Abort trap: 6

+ 

+ That is on macOS Monterey, on RHEL 8 it looks like this:

+ 

+ luac -o agenda.luac agenda.lua entry.lua guide.lua location.lua

+ free(): double free detected in tcache 2

+ 

+ The problem seems to be the call to luaM_freearray(L,f->lineinfo,f->sizelineinfo); on line 158 of luac.c. This is the only call that has been added to the combine() function.  If I comment out that line, things work as expected.

+ 

+ http://lua-users.org/lists/lua-l/2022-02/msg00113.html

+ 

+ Subject: Re: Bug in luac (Lua 5.4.4)?

+ From: Luiz Henrique de Figueiredo <lhf@...>

+ Date: Sat, 26 Feb 2022 14:33:02 -0300

+ 

+ > The problem seems to be the call to luaM_freearray(L,f->lineinfo,f->sizelineinfo); on line 158 of luac.c.

+ 

+ I'm sorry about that. This issue has appeared before and I've failed

+ to address it properly:

+ http://lua-users.org/lists/lua-l/2021-09/msg00091.html

+ http://lua-users.org/lists/lua-l/2017-05/msg00143.html

+ 

+ Could you please try this patch? Thanks.

+ 

+ luaM_freearray(L, f->lineinfo, f->sizelineinfo);

+ f->lineinfo = NULL;                             /* add this line */

+ f->sizelineinfo = 0;

+ 

+ diff -up lua-5.4.4/src/luac.c.doublefree lua-5.4.4/src/luac.c

+ --- lua-5.4.4/src/luac.c.doublefree	2021-11-04 12:42:28.000000000 -0400

+ +++ lua-5.4.4/src/luac.c	2022-07-26 10:36:47.624031818 -0400

+ @@ -156,6 +156,7 @@ static const Proto* combine(lua_State* L

+     if (f->p[i]->sizeupvalues>0) f->p[i]->upvalues[0].instack=0;

+    }

+    luaM_freearray(L,f->lineinfo,f->sizelineinfo);

+ +  f->lineinfo = NULL;

+    f->sizelineinfo=0;

+    return f;

+   }
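Review bot: The one-line fix is the right shape for this class of bug: after `luaM_freearray(L,f->lineinfo,f->sizelineinfo);` the proto still carries the stale pointer in `f->lineinfo`, so whatever later releases the proto's arrays hands the same block to free() a second time, which is exactly the `free(): double free detected in tcache 2` glibc reports in the quoted thread. With `f->lineinfo = NULL;` that second release is a free(NULL) no-op, and the unchanged `f->sizelineinfo=0;` on the following context line keeps the recorded size consistent with the NULL pointer. Two small packaging remarks on the file itself: the patch is hand-made `diff -up` output rather than an upstream commit URL like the other Patch lines, so the embedded lua-l thread at the top is the only provenance and should stay in the file; and the `.doublefree` backup suffix in the `---` header is harmless since it only names the backup file used when the diff was produced.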

file modified
+7 -1
@@ -14,7 +14,7 @@ 

  

  Name:           lua

  Version:        %{major_version}.4

- Release:        6%{?dist}

+ Release:        7%{?dist}

  Summary:        Powerful light-weight programming language

  License:        MIT

  URL:            https://www.lua.org/
@@ -49,6 +49,8 @@ 

  Patch11:	https://github.com/lua/lua/commit/196bb94d66e727e0aec053a0276c3ad701500762.patch

  # 5.4.4 Bug 7

  Patch12:	https://github.com/lua/lua/commit/a1f77a234a053da46b06d5d4be00ffb30d3eb45b.patch

+ # 5.4.4		http://lua-users.org/lists/lua-l/2022-02/msg00112.html

+ Patch13:	%{name}-5.4.4-luac-doublefree.patch

  

  

  BuildRequires:  automake autoconf libtool readline-devel ncurses-devel
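Review bot: The new comment line `# 5.4.4		http://lua-users.org/lists/lua-l/2022-02/msg00112.html` uses two tabs after the version where the neighbouring `# 5.4.4 Bug 7` comment uses a single space and an upstream bug number. Since this fix is not one of upstream's numbered 5.4.4 bugs, consider spelling that out and adding the bug tracker reference in the same line, for example `# 5.4.4 luac double free, rhbz#2111138, http://lua-users.org/lists/lua-l/2022-02/msg00112.html`, so a reader of the spec sees both the downstream bug and the upstream thread without opening the patch file.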
@@ -110,6 +112,7 @@ 

  %patch10 -p1 -b .5.4.4-bug4

  %patch11 -p1 -b .5.4.4-bug5

  %patch12 -p1 -b .5.4.4-bug7

+ %patch13 -p1 -b .5.4.4-doublefree

  # Put proper version in configure.ac, patch0 hardcodes 5.3.0

  sed -i 's|5.3.0|%{version}|g' configure.ac

  autoreconf -ifv
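Review bot: `%patch13 -p1 -b .5.4.4-doublefree` is consistent with the rest of the series: `-p1` matches the `lua-5.4.4/src/luac.c` path prefix in the new patch file, and the backup suffix follows the `.5.4.4-bugN` naming of the preceding %patch lines. No change needed in this hunk.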
@@ -226,6 +229,9 @@ 

  %{_libdir}/*.a

  

  %changelog

+ * Thu Dec  8 2022 Charles R. Anderson <cra@alum.wpi.edu> - 5.4.4-7

+ - Add patch for http://lua-users.org/lists/lua-l/2022-02/msg00112.html (#2111138)

+ 

  * Mon Oct 17 2022 Tom Callaway <spot@fedoraproject.org> - 5.4.4-6

  - add upstream fix for Bug 7

  
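Review bot: The changelog entry cites only #2111138, but the pull request description also presents this patch as the fix for the lsyncd build failure (#2119140). Consider naming both in the entry, e.g. `- Add patch for http://lua-users.org/lists/lua-l/2022-02/msg00112.html (#2111138, fixes lsyncd build #2119140)`, so the lsyncd bug is traceable from the lua package history as well.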

Add patch for http://lua-users.org/lists/lua-l/2022-02/msg00112.html (#2111138) to fix the build of lsyncd (#2119140)

/usr/bin/luac -o defaults.out /builddir/build/BUILD/lsyncd-2.3.0/default.lua /builddir/build/BUILD/lsyncd-2.3.0/default-rsync.lua /builddir/build/BUILD/lsyncd-2.3.0/default-rsyncssh.lua /builddir/build/BUILD/lsyncd-2.3.0/default-direct.lua
free(): double free detected in tcache 2

Subject: Re: Bug in luac (Lua 5.4.4)?
From: Luiz Henrique de Figueiredo <lhf@...>
Date: Sat, 26 Feb 2022 14:33:02 -0300

> The problem seems to be the call to luaM_freearray(L,f->lineinfo,f->sizelineinfo); on line 158 of luac.c.

I'm sorry about that. This issue has appeared before and I've failed
to address it properly:
http://lua-users.org/lists/lua-l/2021-09/msg00091.html
http://lua-users.org/lists/lua-l/2017-05/msg00143.html

Could you please try this patch? Thanks.

luaM_freearray(L, f->lineinfo, f->sizelineinfo);
f->lineinfo = NULL;                             /* add this line */
f->sizelineinfo = 0;
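The following C model, added here as an illustration and not code from this pull request, the Fedora lua package or upstream Lua, shows why the one-line fix above removes the double free. It replaces Lua's Proto and allocator with constructed stand-ins: a `Proto` struct holding only `lineinfo`/`sizelineinfo`, a small tracking allocator (`tracked_alloc`/`tracked_free`) that reports a second free of the same block instead of corrupting the heap, `combine_buggy`/`combine_fixed` standing in for the two versions of luac's `combine()`, and `freeproto` standing in for the later release of the proto's arrays. All of these names are assumptions of the example; the only lines taken from the page are the three in the fix.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the two Proto fields involved in the bug. */
typedef struct {
    unsigned char *lineinfo;
    int sizelineinfo;
} Proto;

/* Tiny tracking allocator (constructed for this example): it remembers which
 * blocks are live, so a second release of the same pointer is counted as a
 * double free rather than handed to free() again. */
#define MAX_BLOCKS 64
static void *live[MAX_BLOCKS];
static int double_frees;

static void *tracked_alloc(size_t n) {
    void *p = malloc(n);
    if (p == NULL) return NULL;
    for (int i = 0; i < MAX_BLOCKS; i++) {
        if (live[i] == NULL) { live[i] = p; return p; }
    }
    free(p);           /* no tracking slot left; refuse rather than lose track */
    return NULL;
}

/* Like free(): NULL is a harmless no-op, a live block is released, and a
 * pointer that is not live any more is what glibc would report as
 * "free(): double free detected". Only pointer values are compared here;
 * the stale block is never dereferenced. */
static void tracked_free(void *p) {
    if (p == NULL) return;
    for (int i = 0; i < MAX_BLOCKS; i++) {
        if (live[i] == p) { live[i] = NULL; free(p); return; }
    }
    double_frees++;
}

static void tracked_reset(void) {
    memset(live, 0, sizeof live);
    double_frees = 0;
}

/* Stand-in for combine() as shipped in 5.4.4: the line info array is freed,
 * the size is cleared, but the pointer is left dangling in the struct. */
static void combine_buggy(Proto *f) {
    tracked_free(f->lineinfo);
    f->sizelineinfo = 0;
}

/* Stand-in for combine() with the patch applied: the pointer is cleared
 * together with the size, so no stale pointer survives in the struct. */
static void combine_fixed(Proto *f) {
    tracked_free(f->lineinfo);
    f->lineinfo = NULL;        /* the one-line fix from the patch */
    f->sizelineinfo = 0;
}

/* Stand-in for the later release of the proto's arrays (in real Lua this
 * happens when the state is closed and the proto is collected). */
static void freeproto(Proto *f) {
    tracked_free(f->lineinfo);
    f->lineinfo = NULL;
}

/* Run one combine() variant followed by the proto release and return how
 * many double frees the tracking allocator detected. */
static int run_scenario(void (*combine)(Proto *)) {
    tracked_reset();
    Proto f;
    f.lineinfo = tracked_alloc(16);   /* constructed 16-byte line info array */
    f.sizelineinfo = 16;
    combine(&f);
    freeproto(&f);
    return double_frees;
}

int main(void) {
    printf("combine() as in 5.4.4: %d double free(s) detected\n",
           run_scenario(combine_buggy));
    printf("combine() with the fix: %d double free(s) detected\n",
           run_scenario(combine_fixed));
    return 0;
}
```

The buggy scenario reports one double free and the fixed one none; the same pattern (clear the pointer, not just the size, after releasing a member array) is what makes the later release safe regardless of who performs it.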

Build succeeded.

Pull-Request has been merged by spot
