From 440a5ee78c8592230780310c9c8d8c2ba1700cb1 Mon Sep 17 00:00:00 2001 From: Roberto Ierusalimschy Date: Fri, 19 Jul 2019 12:13:00 -0300 Subject: [PATCH] Fixed bug for emergency collection in upvalue creation When creating an upvalue, an emergency collection can collect the previous upvalue where the new one would be linked. The following code can trigger the bug, using valgrind on Lua compiled with the -DHARDMEMTESTS option: local x; local y (function () return y end)(); (function () return x end)() --- lfunc.c | 14 ++++++++------ lfunc.h | 2 +- lvm.c | 2 +- 3 files changed, 10 insertions(+), 8 deletions(-) diff --git a/lfunc.c b/lfunc.c index 9f91ad4f..f7edf56b 100644 --- a/lfunc.c +++ b/lfunc.c @@ -82,20 +82,22 @@ static UpVal *newupval (lua_State *L, int tbc, StkId level, UpVal **prev) { /* -** Find and reuse, or create if it does not exist, a regular upvalue -** at the given level. +** Find and reuse, or create if it does not exist, an upvalue +** at the given level and set it to the given slot. */ -UpVal *luaF_findupval (lua_State *L, StkId level) { +void luaF_setupval (lua_State *L, StkId level, UpVal **slot) { UpVal **pp = &L->openupval; UpVal *p; lua_assert(isintwups(L) || L->openupval == NULL); while ((p = *pp) != NULL && uplevel(p) >= level) { /* search for it */ + *slot = p; if (uplevel(p) == level && !isdead(G(L), p)) /* corresponding upvalue? */ - return p; /* return it */ + return; /* found it */ pp = &p->u.open.next; } - /* not found: create a new upvalue after 'pp' */ - return newupval(L, 0, level, pp); + /* not found: create a new upvalue after 'pp' (which is + anchored in 'slot', in case of an emergency collection) */ + *slot = newupval(L, 0, level, pp); } diff --git a/lfunc.h b/lfunc.h index 0ed79c48..72fc913a 100644 --- a/lfunc.h +++ b/lfunc.h @@ -57,7 +57,7 @@ LUAI_FUNC Proto *luaF_newproto (lua_State *L); LUAI_FUNC CClosure *luaF_newCclosure (lua_State *L, int nelems); LUAI_FUNC LClosure *luaF_newLclosure (lua_State *L, int nelems); LUAI_FUNC void luaF_initupvals (lua_State *L, LClosure *cl); -LUAI_FUNC UpVal *luaF_findupval (lua_State *L, StkId level); +LUAI_FUNC void luaF_setupval (lua_State *L, StkId level, UpVal **slot); LUAI_FUNC void luaF_newtbcupval (lua_State *L, StkId level); LUAI_FUNC int luaF_close (lua_State *L, StkId level, int status); LUAI_FUNC void luaF_unlinkupval (UpVal *uv); diff --git a/lvm.c b/lvm.c index d9bd0ab3..d3e05199 100644 --- a/lvm.c +++ b/lvm.c @@ -697,7 +697,7 @@ static void pushclosure (lua_State *L, Proto *p, UpVal **encup, StkId base, setclLvalue2s(L, ra, ncl); /* anchor new closure in stack */ for (i = 0; i < nup; i++) { /* fill in its upvalues */ if (uv[i].instack) /* upvalue refers to local variable? */ - ncl->upvals[i] = luaF_findupval(L, base + uv[i].idx); + luaF_setupval(L, base + uv[i].idx, &ncl->upvals[i]); else /* get upvalue from enclosing function */ ncl->upvals[i] = encup[uv[i].idx]; luaC_objbarrier(L, ncl, ncl->upvals[i]);