PR#7: add fix for doublefree in luac: rhbz#2111138 - rpms/lua

rpms / lua

#7 add fix for doublefree in luac: rhbz#2111138

Merged 2 months ago by spot. Opened 2 months ago by cra.

rpms/ cra/lua rawhide into rawhide

Add lua-5.4.4-luac-doublefree.patch

Charles R. Anderson • 2 months ago

cba19d3

Add patch for http://lua-users.org/lists/lua-l/2022-02/msg00112.html (#2111138)

Charles R. Anderson • 2 months ago

0e27f95

lua-5.4.4-luac-doublefree.patch

file added

+56

		`@@ -0,0 +1,56 @@`
		`+ http://lua-users.org/lists/lua-l/2022-02/msg00112.html`
		`+`
		`+ Subject: Bug in luac (Lua 5.4.4)?`
		`+ From: Marc Balmer <marc@...>`
		`+ Date: Sat, 26 Feb 2022 12:59:16 +0100`
		`+`
		`+ I think there is a regression in luac that was introduced in Lua 5.4.4:`
		`+`
		`+ We compile several files into a single output file like so`
		`+`
		`+ luac -o agenda.luac agenda.lua entry.lua guide.lua location.lua`
		`+`
		`+ Up to Lua 5.4.3 there was no issue. Now with Lua 5.4.4 we get a malloc/free error:`
		`+`
		`+ luac -o agenda.luac agenda.lua entry.lua guide.lua location.lua`
		`+ luac(27853,0x107171600) malloc: *** error for object 0x600001044170: pointer being freed was not allocated`
		`+ luac(27853,0x107171600) malloc: *** set a breakpoint in malloc_error_break to debug`
		`+ make: *** [agenda.ext] Abort trap: 6`
		`+`
		`+ That is on macOS Monterey, on RHEL 8 it looks like this:`
		`+`
		`+ luac -o agenda.luac agenda.lua entry.lua guide.lua location.lua`
		`+ free(): double free detected in tcache 2`
		`+`
		`+ The problem seems to be the call to luaM_freearray(L,f->lineinfo,f->sizelineinfo); on line 158 of luac.c. This is the only call that has been added to the combine() function. If I comment out that line, things work as expected.`
		`+`
		`+ http://lua-users.org/lists/lua-l/2022-02/msg00113.html`
		`+`
		`+ Subject: Re: Bug in luac (Lua 5.4.4)?`
		`+ From: Luiz Henrique de Figueiredo <lhf@...>`
		`+ Date: Sat, 26 Feb 2022 14:33:02 -0300`
		`+`
		`+ > The problem seems to be the call to luaM_freearray(L,f->lineinfo,f->sizelineinfo); on line 158 of luac.c.`
		`+`
		`+ I'm sorry about that. This issue has appeared before and I've failed`
		`+ to address it properly:`
		`+ http://lua-users.org/lists/lua-l/2021-09/msg00091.html`
		`+ http://lua-users.org/lists/lua-l/2017-05/msg00143.html`
		`+`
		`+ Could you please try this patch? Thanks.`
		`+`
		`+ luaM_freearray(L, f->lineinfo, f->sizelineinfo);`
		`+ f->lineinfo = NULL; /* add this line */`
		`+ f->sizelineinfo = 0;`
		`+`
		`+ diff -up lua-5.4.4/src/luac.c.doublefree lua-5.4.4/src/luac.c`
		`+ --- lua-5.4.4/src/luac.c.doublefree 2021-11-04 12:42:28.000000000 -0400`
		`+ +++ lua-5.4.4/src/luac.c 2022-07-26 10:36:47.624031818 -0400`
		`+ @@ -156,6 +156,7 @@ static const Proto* combine(lua_State* L`
		`+ if (f->p[i]->sizeupvalues>0) f->p[i]->upvalues[0].instack=0;`
		`+ }`
		`+ luaM_freearray(L,f->lineinfo,f->sizelineinfo);`
		`+ + f->lineinfo = NULL;`
		`+ f->sizelineinfo=0;`
		`+ return f;`
		`+ }`

lua.spec

file modified

+7 -1

		`@@ -14,7 +14,7 @@`

		`Name: lua`
		`Version: %{major_version}.4`
		`- Release: 6%{?dist}`
		`+ Release: 7%{?dist}`
		`Summary: Powerful light-weight programming language`
		`License: MIT`
		`URL: https://www.lua.org/`
		`@@ -49,6 +49,8 @@`
		`Patch11: https://github.com/lua/lua/commit/196bb94d66e727e0aec053a0276c3ad701500762.patch`
		`# 5.4.4 Bug 7`
		`Patch12: https://github.com/lua/lua/commit/a1f77a234a053da46b06d5d4be00ffb30d3eb45b.patch`
		`+ # 5.4.4 http://lua-users.org/lists/lua-l/2022-02/msg00112.html`
		`+ Patch13: %{name}-5.4.4-luac-doublefree.patch`


		`BuildRequires: automake autoconf libtool readline-devel ncurses-devel`
		`@@ -110,6 +112,7 @@`
		`%patch10 -p1 -b .5.4.4-bug4`
		`%patch11 -p1 -b .5.4.4-bug5`
		`%patch12 -p1 -b .5.4.4-bug7`
		`+ %patch13 -p1 -b .5.4.4-doublefree`
		`# Put proper version in configure.ac, patch0 hardcodes 5.3.0`
		`sed -i 's\|5.3.0\|%{version}\|g' configure.ac`
		`autoreconf -ifv`
		`@@ -226,6 +229,9 @@`
		`%{_libdir}/*.a`

		`%changelog`
		`+ * Thu Dec 8 2022 Charles R. Anderson <cra@alum.wpi.edu> - 5.4.4-7`
		`+ - Add patch for http://lua-users.org/lists/lua-l/2022-02/msg00112.html (#2111138)`
		`+`
		`* Mon Oct 17 2022 Tom Callaway <spot@fedoraproject.org> - 5.4.4-6`
		`- add upstream fix for Bug 7`

cra commented 2 months ago

Add patch for http://lua-users.org/lists/lua-l/2022-02/msg00112.html (#2111138) to fix the build of lsyncd (#2119140)

/usr/bin/luac -o defaults.out /builddir/build/BUILD/lsyncd-2.3.0/default.lua /builddir/build/BUILD/lsyncd-2.3.0/default-rsync.lua /builddir/build/BUILD/lsyncd-2.3.0/default-rsyncssh.lua /builddir/build/BUILD/lsyncd-2.3.0/default-direct.lua
free(): double free detected in tcache 2

Subject: Re: Bug in luac (Lua 5.4.4)?
From: Luiz Henrique de Figueiredo lhf@...
Date: Sat, 26 Feb 2022 14:33:02 -0300

The problem seems to be the call to luaM_freearray(L,f->lineinfo,f->sizelineinfo); on line 158 of luac.c.

I'm sorry about that. This issue has appeared before and I've failed
to address it properly:
http://lua-users.org/lists/lua-l/2021-09/msg00091.html
http://lua-users.org/lists/lua-l/2017-05/msg00143.html

Could you please try this patch? Thanks.

luaM_freearray(L, f->lineinfo, f->sizelineinfo);
f->lineinfo = NULL; / add this line /
f->sizelineinfo = 0;

zuul commented 2 months ago

Build succeeded.

check-for-arches : SUCCESS in 59s
rpm-scratch-build : SUCCESS in 7m 55s
rpm-scratch-build-s390x : SUCCESS in 8m 04s (non-voting)
rpm-scratch-build-ppc64le : SUCCESS in 7m 53s (non-voting)
rpm-scratch-build-i686 : SUCCESS in 9m 09s (non-voting)
rpm-scratch-build-aarch64 : SUCCESS in 7m 58s (non-voting)
rpm-linter : FAILURE in 2m 59s (non-voting)
rpm-rpminspect : SUCCESS in 5m 49s (non-voting)
check-for-sti-tests : SUCCESS in 22s
check-for-fmf-tests : SUCCESS in 20s
rpm-install-test : SUCCESS in 2m 34s
rpm-tmt-test : SKIPPED
rpm-sti-test : SUCCESS in 7m 54s

Pull-Request has been merged by spot

2 months ago

Metadata

Assignee

None

Tags

No Tags

Changes Summary 2

+56

file added