lua-c-api-tests's Issues

heap-use-after-free is found by luaL_loadbufferx_test

#237068	REDUCE cov: 1631 ft: 7256 corp: 1738/404Kb lim: 4096 exec/s: 7183 rss: 94Mb L: 11/4096 MS: 1 EraseBytes-
#238685	REDUCE cov: 1631 ft: 7256 corp: 1738/404Kb lim: 4096 exec/s: 7232 rss: 94Mb L: 75/4096 MS: 2 CrossOver-EraseBytes-
#238707	REDUCE cov: 1631 ft: 7256 corp: 1738/404Kb lim: 4096 exec/s: 7233 rss: 94Mb L: 461/4096 MS: 2 ChangeBit-EraseBytes-
#238748	REDUCE cov: 1631 ft: 7256 corp: 1738/404Kb lim: 4096 exec/s: 7234 rss: 94Mb L: 43/4096 MS: 1 EraseBytes-
#239154	REDUCE cov: 1631 ft: 7256 corp: 1738/404Kb lim: 4096 exec/s: 7247 rss: 94Mb L: 485/4096 MS: 1 EraseBytes-
=================================================================
==1136==ERROR: AddressSanitizer: heap-use-after-free on address 0x60600008a828 at pc 0x0000005de26f bp 0x7fffa5ea7df0 sp 0x7fffa5ea7de8
READ of size 8 at 0x60600008a828 thread T0
SCARINESS: 51 (8-byte-read-heap-use-after-free)
    #0 0x5de26e in lj_gc_finalize_cdata /src/testdir/build/luajit-v2.1/source/src/lj_gc.c:591:18
    #1 0x56c037 in cpfinalize /src/testdir/build/luajit-v2.1/source/src/lj_state.c:289:3
    #2 0x5da933 in lj_vm_cpcall /src/testdir/build/luajit-v2.1/source/src/lj_vm.S:1250
    #3 0x56bee4 in lua_close /src/testdir/build/luajit-v2.1/source/src/lj_state.c:316:9
    #4 0x569f44 in LLVMFuzzerTestOneInput /src/testdir/tests/luaL_loadbufferx_test.c:43:2
    #5 0x43df83 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15
    #6 0x43d76a in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:514:3
    #7 0x43ee39 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:757:19
    #8 0x43fb05 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:895:5
    #9 0x42ee6f in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:912:6
    #10 0x4584c2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
    #11 0x7f6787ba4082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee)
    #12 0x41f8ad in _start (build-out/luaL_loadbufferx_test+0x41f8ad)

DEDUP_TOKEN: lj_gc_finalize_cdata--cpfinalize--lj_vm_cpcall
0x60600008a828 is located 40 bytes inside of 64-byte region [0x60600008a800,0x60600008a840)
freed by thread T0 here:
    #0 0x52ee72 in free /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:52:3
    #1 0x5c8fa3 in mem_alloc /src/testdir/build/luajit-v2.1/source/src/lib_aux.c:345:5
    #2 0x5f2648 in lj_tab_free /src/testdir/build/luajit-v2.1/source/src/lj_tab.c
    #3 0x5defca in gc_sweep /src/testdir/build/luajit-v2.1/source/src/lj_gc.c:424:7
    #4 0x5dfc2c in gc_onestep /src/testdir/build/luajit-v2.1/source/src/lj_gc.c:689:5
    #5 0x5df838 in lj_gc_step /src/testdir/build/luajit-v2.1/source/src/lj_gc.c:744:20
    #6 0x589e30 in lj_parse_keepstr /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:246:3
    #7 0x5845b6 in lex_scan /src/testdir/build/luajit-v2.1/source/src/lj_lex.c:305:11
    #8 0x583ba2 in lj_lex_next /src/testdir/build/luajit-v2.1/source/src/lj_lex.c:459:15
    #9 0x5a0d3d in lex_opt /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:1003:5
    #10 0x5a0d3d in expr_table /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:1780:31
    #11 0x59892a in expr_simple /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:2023:5
    #12 0x59892a in expr_unop /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:2096:5
    #13 0x59892a in expr_binop /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:2109:3
    #14 0x5a03a9 in expr /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:2128:3
    #15 0x5a03a9 in expr_table /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:1752:5
    #16 0x59892a in expr_simple /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:2023:5
    #17 0x59892a in expr_unop /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:2096:5
    #18 0x59892a in expr_binop /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:2109:3
    #19 0x5a03a9 in expr /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:2128:3
    #20 0x5a03a9 in expr_table /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:1752:5
    #21 0x59892a in expr_simple /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:2023:5
    #22 0x59892a in expr_unop /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:2096:5
    #23 0x59892a in expr_binop /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:2109:3
    #24 0x5a03a9 in expr /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:2128:3
    #25 0x5a03a9 in expr_table /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:1752:5
    #26 0x59892a in expr_simple /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:2023:5
    #27 0x59892a in expr_unop /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:2096:5
    #28 0x59892a in expr_binop /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:2109:3
    #29 0x5a03a9 in expr /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:2128:3
    #30 0x5a03a9 in expr_table /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:1752:5
    #31 0x59892a in expr_simple /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:2023:5
    #32 0x59892a in expr_unop /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:2096:5
    #33 0x59892a in expr_binop /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:2109:3
    #34 0x5a03a9 in expr /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:2128:3
    #35 0x5a03a9 in expr_table /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:1752:5
    #36 0x59892a in expr_simple /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:2023:5
    #37 0x59892a in expr_unop /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:2096:5
    #38 0x59892a in expr_binop /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:2109:3
    #39 0x5a03a9 in expr /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:2128:3
    #40 0x5a03a9 in expr_table /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:1752:5
    #41 0x59892a in expr_simple /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:2023:5
    #42 0x59892a in expr_unop /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:2096:5
    #43 0x59892a in expr_binop /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:2109:3
    #44 0x5a03a9 in expr /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:2128:3
    #45 0x5a03a9 in expr_table /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:1752:5
    #46 0x59892a in expr_simple /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:2023:5
    #47 0x59892a in expr_unop /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:2096:5
    #48 0x59892a in expr_binop /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:2109:3
    #49 0x5a03a9 in expr /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:2128:3
    #50 0x5a03a9 in expr_table /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:1752:5
    #51 0x59892a in expr_simple /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:2023:5
    #52 0x59892a in expr_unop /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:2096:5
    #53 0x59892a in expr_binop /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:2109:3
    #54 0x5a03a9 in expr /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:2128:3
    #55 0x5a03a9 in expr_table /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:1752:5
    #56 0x59892a in expr_simple /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:2023:5
    #57 0x59892a in expr_unop /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:2096:5
    #58 0x59892a in expr_binop /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:2109:3
    #59 0x5a03a9 in expr /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:2128:3
    #60 0x5a03a9 in expr_table /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:1752:5


DEDUP_TOKEN: free--mem_alloc--lj_tab_free
previously allocated by thread T0 here:
    #0 0x52f51c in __interceptor_realloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:85:3
    #1 0x5c8f93 in mem_alloc /src/testdir/build/luajit-v2.1/source/src/lib_aux.c:348:12
    #2 0x5e42bc in lj_mem_newgco /src/testdir/build/luajit-v2.1/source/src/lj_gc.c:891:23
    #3 0x5f1275 in newtab /src/testdir/build/luajit-v2.1/source/src/lj_tab.c:103:9
    #4 0x5f0f39 in lj_tab_new /src/testdir/build/luajit-v2.1/source/src/lj_tab.c:141:14
    #5 0x5c93d0 in ffi_finalizer /src/testdir/build/luajit-v2.1/source/src/lib_ffi.c:832:14
    #6 0x5c93d0 in luaopen_ffi /src/testdir/build/luajit-v2.1/source/src/lib_ffi.c:856:20
    #7 0x5888a1 in lex_number /src/testdir/build/luajit-v2.1/source/src/lj_lex.c:121:5
    #8 0x58456c in lex_scan /src/testdir/build/luajit-v2.1/source/src/lj_lex.c
    #9 0x583ba2 in lj_lex_next /src/testdir/build/luajit-v2.1/source/src/lj_lex.c:459:15
    #10 0x5a0d3d in lex_opt /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:1003:5
    #11 0x5a0d3d in expr_table /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:1780:31
    #12 0x59892a in expr_simple /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:2023:5
    #13 0x59892a in expr_unop /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:2096:5
    #14 0x59892a in expr_binop /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:2109:3
    #15 0x5a03a9 in expr /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:2128:3
    #16 0x5a03a9 in expr_table /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:1752:5
    #17 0x59892a in expr_simple /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:2023:5
    #18 0x59892a in expr_unop /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:2096:5
    #19 0x59892a in expr_binop /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:2109:3
    #20 0x5a03a9 in expr /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:2128:3
    #21 0x5a03a9 in expr_table /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:1752:5
    #22 0x59892a in expr_simple /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:2023:5
    #23 0x59892a in expr_unop /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:2096:5
    #24 0x59892a in expr_binop /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:2109:3
    #25 0x5a03a9 in expr /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:2128:3
    #26 0x5a03a9 in expr_table /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:1752:5
    #27 0x59892a in expr_simple /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:2023:5
    #28 0x59892a in expr_unop /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:2096:5
    #29 0x59892a in expr_binop /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:2109:3
    #30 0x5a03a9 in expr /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:2128:3
    #31 0x5a03a9 in expr_table /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:1752:5
    #32 0x59892a in expr_simple /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:2023:5
    #33 0x59892a in expr_unop /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:2096:5
    #34 0x59892a in expr_binop /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:2109:3
    #35 0x5a03a9 in expr /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:2128:3
    #36 0x5a03a9 in expr_table /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:1752:5
    #37 0x59892a in expr_simple /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:2023:5
    #38 0x59892a in expr_unop /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:2096:5
    #39 0x59892a in expr_binop /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:2109:3
    #40 0x5a03a9 in expr /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:2128:3
    #41 0x5a03a9 in expr_table /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:1752:5
    #42 0x59892a in expr_simple /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:2023:5
    #43 0x59892a in expr_unop /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:2096:5
    #44 0x59892a in expr_binop /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:2109:3
    #45 0x5a03a9 in expr /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:2128:3
    #46 0x5a03a9 in expr_table /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:1752:5
    #47 0x59892a in expr_simple /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:2023:5
    #48 0x59892a in expr_unop /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:2096:5
    #49 0x59892a in expr_binop /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:2109:3
    #50 0x5a03a9 in expr /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:2128:3
    #51 0x5a03a9 in expr_table /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:1752:5
    #52 0x59892a in expr_simple /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:2023:5
    #53 0x59892a in expr_unop /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:2096:5
    #54 0x59892a in expr_binop /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:2109:3
    #55 0x5a03a9 in expr /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:2128:3
    #56 0x5a03a9 in expr_table /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:1752:5
    #57 0x59892a in expr_simple /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:2023:5
    #58 0x59892a in expr_unop /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:2096:5
    #59 0x59892a in expr_binop /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:2109:3
    #60 0x5a03a9 in expr /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:2128:3
    #61 0x5a03a9 in expr_table /src/testdir/build/luajit-v2.1/source/src/lj_parse.c:1752:5

DEDUP_TOKEN: __interceptor_realloc--mem_alloc--lj_mem_newgco
SUMMARY: AddressSanitizer: heap-use-after-free /src/testdir/build/luajit-v2.1/source/src/lj_gc.c:591:18 in lj_gc_finalize_cdata
==1136==ABORTING

https://github.com/ligurio/lua-c-api-tests/actions/runs/6361457504/job/17275898814

Full log: logs_674.zip
LuaJIT version: LuaJIT/LuaJIT@becf5cc

Fuzzing build failure

Issue 58707: lua: Fuzzing build failure

Step #22 - "build-check-libfuzzer-address-x86_64": DEDUP_TOKEN: __interceptor_realloc--l_alloc--luaM_malloc_
Step #22 - "build-check-libfuzzer-address-x86_64": Indirect leak of 29 byte(s) in 1 object(s) allocated from:
Step #22 - "build-check-libfuzzer-address-x86_64":     #0 0x52f45c in __interceptor_realloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:85:3
Step #22 - "build-check-libfuzzer-address-x86_64":     #1 0x67d0c1 in l_alloc lauxlib.c
Step #22 - "build-check-libfuzzer-address-x86_64":     #2 0x5dfcdd in luaM_malloc_ (/tmp/not-out/tmpkgddl09f/luaL_addgsub_test+0x5dfcdd)
Step #22 - "build-check-libfuzzer-address-x86_64":     #3 0x5c5a73 in luaC_newobjdt (/tmp/not-out/tmpkgddl09f/luaL_addgsub_test+0x5c5a73)
Step #22 - "build-check-libfuzzer-address-x86_64":     #4 0x5c5cd4 in luaC_newobj (/tmp/not-out/tmpkgddl09f/luaL_addgsub_test+0x5c5cd4)
Step #22 - "build-check-libfuzzer-address-x86_64":     #5 0x608850 in createstrobj lstring.c
Step #22 - "build-check-libfuzzer-address-x86_64":     #6 0x60977b in internshrstr lstring.c
Step #22 - "build-check-libfuzzer-address-x86_64":     #7 0x608594 in luaS_newlstr (/tmp/not-out/tmpkgddl09f/luaL_addgsub_test+0x608594)
Step #22 - "build-check-libfuzzer-address-x86_64":     #8 0x695c96 in luaX_init (/tmp/not-out/tmpkgddl09f/luaL_addgsub_test+0x695c96)
Step #22 - "build-check-libfuzzer-address-x86_64":     #9 0x6052dd in f_luaopen lstate.c
Step #22 - "build-check-libfuzzer-address-x86_64":     #10 0x5aaeac in luaD_rawrunprotected (/tmp/not-out/tmpkgddl09f/luaL_addgsub_test+0x5aaeac)
Step #22 - "build-check-libfuzzer-address-x86_64":     #11 0x604d0c in lua_newstate (/tmp/not-out/tmpkgddl09f/luaL_addgsub_test+0x604d0c)
Step #22 - "build-check-libfuzzer-address-x86_64":     #12 0x67cf62 in luaL_newstate (/tmp/not-out/tmpkgddl09f/luaL_addgsub_test+0x67cf62)
Step #22 - "build-check-libfuzzer-address-x86_64":     #13 0x56c5e3 in LLVMFuzzerTestOneInput /src/testdir/tests/luaL_addgsub_test.cc:25:17
Step #22 - "build-check-libfuzzer-address-x86_64":     #14 0x43dec3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15
Step #22 - "build-check-libfuzzer-address-x86_64":     #15 0x43f274 in fuzzer::Fuzzer::ReadAndExecuteSeedCorpora(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:804:3
Step #22 - "build-check-libfuzzer-address-x86_64":     #16 0x43f749 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:857:3
Step #22 - "build-check-libfuzzer-address-x86_64":     #17 0x42edaf in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:912:6
Step #22 - "build-check-libfuzzer-address-x86_64":     #18 0x458402 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
Step #22 - "build-check-libfuzzer-address-x86_64":     #19 0x7f973375f082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee)
Step #22 - "build-check-libfuzzer-address-x86_64": 
Step #22 - "build-check-libfuzzer-address-x86_64": DEDUP_TOKEN: __interceptor_realloc--l_alloc--luaM_malloc_
Step #22 - "build-check-libfuzzer-address-x86_64": SUMMARY: AddressSanitizer: 14961 byte(s) leaked in 165 allocation(s).
Step #22 - "build-check-libfuzzer-address-x86_64": INFO: to ignore leaks on libFuzzer side use -detect_leaks=0.
Step #22 - "build-check-libfuzzer-address-x86_64": 
Step #22 - "build-check-libfuzzer-address-x86_64": MS: 1 ChangeBit-; base unit: adc83b19e793491b1c6ea0fd8b46cd9f32e592fc
Step #22 - "build-check-libfuzzer-address-x86_64": 0x2a,
Step #22 - "build-check-libfuzzer-address-x86_64": *
Step #22 - "build-check-libfuzzer-address-x86_64": artifact_prefix='./'; Test unit written to ./leak-df58248c414f342c81e056b40bee12d17a08bf61
Step #22 - "build-check-libfuzzer-address-x86_64": Base64: Kg==
Step #22 - "build-check-libfuzzer-address-x86_64": 
Step #22 - "build-check-libfuzzer-address-x86_64": ERROR: 18.181818181818183% of fuzz targets seem to be broken. See the list above for a detailed information.
Step #22 - "build-check-libfuzzer-address-x86_64": ********************************************************************************
Step #22 - "build-check-libfuzzer-address-x86_64": Build checks failed.
Step #22 - "build-check-libfuzzer-address-x86_64": To reproduce, run:
Step #22 - "build-check-libfuzzer-address-x86_64": python infra/helper.py build_image lua
Step #22 - "build-check-libfuzzer-address-x86_64": python infra/helper.py build_fuzzers --sanitizer address --engine libfuzzer --architecture x86_64 lua
Step #22 - "build-check-libfuzzer-address-x86_64": python infra/helper.py check_build --sanitizer address --engine libfuzzer --architecture x86_64 lua
Step #22 - "build-check-libfuzzer-address-x86_64": ********************************************************************************

log-f23c4383-7f63-4455-aa2e-2fa7eda2d8cf.txt

Build Fails for LuaJIT with address sanitizer

Building LuaJIT with address sanitizer is not working, because the LuaJIT build process compiles and uses the buildvm tool, and when it is run it throws many memory leaks.

Steps to reproduce:

CC=clang CXX=clang++ cmake -S . -B build  -DUSE_LUAJIT=ON -DENABLE_ASAN=ON -DENABLE_UBSAN=ON
cmake --build build 

Fuzzing build failure with AFL

Issue: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=58707&sort=-opened&can=1&q=proj%3Alua

luaL_buffsub_test fails with:

  0x561fb03ae811 in signed char FuzzedDataProvider::ConsumeIntegralInRange<signed char>(signed char, signed char) /usr/lib/llvm-17/lib/clang/17/include/fuzzer/FuzzedDataProvider.h:209:5
  0x561fb03ae273 in LLVMFuzzerTestOneInput /home/sergeyb/sources/lua-c-api-tests/tests/luaL_buffsub_test.cc:36:17
  0x561fb036bc80 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/sergeyb/sources/lua-c-api-tests/build/tests/luaL_buffsub_test+0x51c80) (BuildId: 90aa3399b0d409c296758c26090c4cf3a6da1fe0)

Assert is triggered in luaL_addgsub_test: Assertion `((B)->b != (B)->init.b) ? lua_touserdata(B->L, boxidx) != ((void*)0) : lua_touserdata(B->L, boxidx) == (void*)B' failed.

INFO: seed corpus: files: 594 min: 1b max: 2336b total: 146060b rss: 27Mb
luaL_addgsub_test: lauxlib.c:548: char *prepbuffsize(luaL_Buffer *, size_t, int): Assertion `((B)->b != (B)->init.b) ? lua_touserdata(B->L, boxidx) != ((void*)0) : lua_touserdata(B->L, boxidx) == (void*)B' failed.
==3586== ERROR: libFuzzer: deadly signal

GH Actions logs: https://github.com/ligurio/lua-c-api-tests/actions/runs/4977823137/jobs/8907335034

[OSS Fuzz] Building of luaL_loadbuffer_proto_test is broken on aarch64

Step #43 - "compile-libfuzzer-address-aarch64": [0/1] Install the project...
Step #43 - "compile-libfuzzer-address-aarch64": -- Install configuration: "Debug"
Step #43 - "compile-libfuzzer-address-aarch64": -- Installing: /src/testdir/build/tests/external.protobuf_mutator/lib/cmake/libprotobuf-mutator/libprotobuf-mutatorTargets.cmake
Step #43 - "compile-libfuzzer-address-aarch64": -- Installing: /src/testdir/build/tests/external.protobuf_mutator/lib/cmake/libprotobuf-mutator/libprotobuf-mutatorTargets-debug.cmake
Step #43 - "compile-libfuzzer-address-aarch64": -- Installing: /src/testdir/build/tests/external.protobuf_mutator/lib/cmake/libprotobuf-mutator/libprotobuf-mutatorConfig.cmake
Step #43 - "compile-libfuzzer-address-aarch64": -- Installing: /src/testdir/build/tests/external.protobuf_mutator/OFF/libprotobuf-mutator.pc
Step #43 - "compile-libfuzzer-address-aarch64": -- Installing: /src/testdir/build/tests/external.protobuf_mutator/include/libprotobuf-mutator/port
Step #43 - "compile-libfuzzer-address-aarch64": -- Installing: /src/testdir/build/tests/external.protobuf_mutator/include/libprotobuf-mutator/port/gtest.h
Step #43 - "compile-libfuzzer-address-aarch64": -- Installing: /src/testdir/build/tests/external.protobuf_mutator/include/libprotobuf-mutator/port/protobuf.h
Step #43 - "compile-libfuzzer-address-aarch64": -- Installing: /src/testdir/build/tests/external.protobuf_mutator/include/libprotobuf-mutator/src
Step #43 - "compile-libfuzzer-address-aarch64": -- Installing: /src/testdir/build/tests/external.protobuf_mutator/include/libprotobuf-mutator/src/mutator.h
Step #43 - "compile-libfuzzer-address-aarch64": -- Installing: /src/testdir/build/tests/external.protobuf_mutator/include/libprotobuf-mutator/src/random.h
Step #43 - "compile-libfuzzer-address-aarch64": -- Installing: /src/testdir/build/tests/external.protobuf_mutator/include/libprotobuf-mutator/src/text_format.h
Step #43 - "compile-libfuzzer-address-aarch64": -- Installing: /src/testdir/build/tests/external.protobuf_mutator/include/libprotobuf-mutator/src/utf8_fix.h
Step #43 - "compile-libfuzzer-address-aarch64": -- Installing: /src/testdir/build/tests/external.protobuf_mutator/include/libprotobuf-mutator/src/weighted_reservoir_sampler.h
Step #43 - "compile-libfuzzer-address-aarch64": -- Installing: /src/testdir/build/tests/external.protobuf_mutator/include/libprotobuf-mutator/src/binary_format.h
Step #43 - "compile-libfuzzer-address-aarch64": -- Installing: /src/testdir/build/tests/external.protobuf_mutator/include/libprotobuf-mutator/src/field_instance.h
Step #43 - "compile-libfuzzer-address-aarch64": -- Installing: /src/testdir/build/tests/external.protobuf_mutator/include/libprotobuf-mutator/src/libfuzzer
Step #43 - "compile-libfuzzer-address-aarch64": -- Installing: /src/testdir/build/tests/external.protobuf_mutator/include/libprotobuf-mutator/src/libfuzzer/libfuzzer_mutator.h
Step #43 - "compile-libfuzzer-address-aarch64": -- Installing: /src/testdir/build/tests/external.protobuf_mutator/include/libprotobuf-mutator/src/libfuzzer/libfuzzer_macro.h
Step #43 - "compile-libfuzzer-address-aarch64": -- Installing: /src/testdir/build/tests/external.protobuf_mutator/lib/libprotobuf-mutator.a
Step #43 - "compile-libfuzzer-address-aarch64": -- Installing: /src/testdir/build/tests/external.protobuf_mutator/lib/libprotobuf-mutator-libfuzzer.a
Step #43 - "compile-libfuzzer-address-aarch64": 
[34/41] Completed 'external.protobuf_mutator'
[35/41] Completed 'external.protobuf_mutator'
[35/41] Running cpp protocol buffer compiler on lua_grammar.proto
[36/41] Running cpp protocol buffer compiler on lua_grammar.proto

Step #43 - "compile-libfuzzer-address-aarch64": FAILED: tests/luaL_loadbuffer_proto/lua_grammar.pb.h tests/luaL_loadbuffer_proto/lua_grammar.pb.cc /src/testdir/build/tests/luaL_loadbuffer_proto/lua_grammar.pb.h /src/testdir/build/tests/luaL_loadbuffer_proto/lua_grammar.pb.cc
Step #43 - "compile-libfuzzer-address-aarch64": cd /src/testdir/build/tests/luaL_loadbuffer_proto && /src/testdir/build/tests/external.protobuf_mutator/src/external.protobuf_mutator-build/external.protobuf/bin/protoc --cpp_out /src/testdir/build/tests/luaL_loadbuffer_proto -I /src/testdir/tests/luaL_loadbuffer_proto /src/testdir/tests/luaL_loadbuffer_proto/lua_grammar.proto
Step #43 - "compile-libfuzzer-address-aarch64": ==4449==LeakSanitizer has encountered a fatal error.
Step #43 - "compile-libfuzzer-address-aarch64": ==4449==HINT: For debugging, try setting environment variable LSAN_OPTIONS=verbosity=1:log_threads=1
Step #43 - "compile-libfuzzer-address-aarch64": ==4449==HINT: LeakSanitizer does not work under ptrace (strace, gdb, etc)
Step #43 - "compile-libfuzzer-address-aarch64": ninja: build stopped: subcommand failed.
Step #43 - "compile-libfuzzer-address-aarch64": ********************************************************************************
Step #43 - "compile-libfuzzer-address-aarch64": Failed to build.
Step #43 - "compile-libfuzzer-address-aarch64": To reproduce, run:
Step #43 - "compile-libfuzzer-address-aarch64": python infra/helper.py build_image lua
Step #43 - "compile-libfuzzer-address-aarch64": python infra/helper.py build_fuzzers --sanitizer address --engine libfuzzer --architecture aarch64 lua
Step #43 - "compile-libfuzzer-address-aarch64": ********************************************************************************

Finished Step #43 - "compile-libfuzzer-address-aarch64"
ERROR
ERROR: build step 43 "gcr.io/cloud-builders/docker" failed: step exited with non-zero status: 1

Log: https://oss-fuzz-build-logs.storage.googleapis.com/log-36437658-64d6-4c63-8c82-ed9b37c47c22.txt

Memory leaks in Lua: luaL_addgsub, luaL_gsub, luaL_loadbuffer

Initially reported in #25 and oss-fuzz#58707.

How to reproduce

CC=clang CXX=clang++ cmake -S . -B build -DCMAKE_BUILD_TYPE=Debug -DUSE_LUA=ON
cmake --build build --parallel

luaL_addgsub_test:

./build/tests/luaL_addgsub_test
<snipped>
Indirect leak of 29 byte(s) in 1 object(s) allocated from:                                                                                  
    #0 0x559bc122c995 in realloc (/home/sergeyb/sources/lua-c-api-tests/build/tests/luaL_addgsub_test+0x145995) (BuildId: e31da1e432417eded9ddb02691e605f88d0d01ad)
    #1 0x559bc13749bd in l_alloc /home/sergeyb/sources/lua-c-api-tests/build/lua-master/source/lauxlib.c:1024:12
    #2 0x559bc12db3bb in luaM_malloc_ /home/sergeyb/sources/lua-c-api-tests/build/lua-master/source/lmem.c:206:22                           
    #3 0x559bc12c1b83 in luaC_newobjdt /home/sergeyb/sources/lua-c-api-tests/build/lua-master/source/lgc.c:260:13                           
    #4 0x559bc12c1de4 in luaC_newobj /home/sergeyb/sources/lua-c-api-tests/build/lua-master/source/lgc.c:271:10
    #5 0x559bc1303550 in createstrobj /home/sergeyb/sources/lua-c-api-tests/build/lua-master/source/lstring.c:148:7
    #6 0x559bc130442c in internshrstr /home/sergeyb/sources/lua-c-api-tests/build/lua-master/source/lstring.c:208:8
    #7 0x559bc13032a2 in luaS_newlstr /home/sergeyb/sources/lua-c-api-tests/build/lua-master/source/lstring.c:223:12
    #8 0x559bc138cdc3 in luaX_init /home/sergeyb/sources/lua-c-api-tests/build/lua-master/source/llex.c:72:16
    #9 0x559bc12fff6d in f_luaopen /home/sergeyb/sources/lua-c-api-tests/build/lua-master/source/lstate.c:238:3
    #10 0x559bc12a786e in luaD_rawrunprotected /home/sergeyb/sources/lua-c-api-tests/build/lua-master/source/ldo.c:144:3
    #11 0x559bc12ff9aa in lua_newstate /home/sergeyb/sources/lua-c-api-tests/build/lua-master/source/lstate.c:407:7
    #12 0x559bc137486f in luaL_newstate /home/sergeyb/sources/lua-c-api-tests/build/lua-master/source/lauxlib.c:1095:18
    #13 0x559bc126b2f2 in LLVMFuzzerTestOneInput /home/sergeyb/sources/lua-c-api-tests/tests/luaL_addgsub_test.cc:25:17

<snipped>

Indirect leak of 32 byte(s) in 1 object(s) allocated from:                                                                                  
    #0 0x559bc122c995 in realloc (/home/sergeyb/sources/lua-c-api-tests/build/tests/luaL_addgsub_test+0x145995) (BuildId: e31da1e432417eded9ddb02691e605f88d0d01ad)
    #1 0x559bc13749bd in l_alloc /home/sergeyb/sources/lua-c-api-tests/build/lua-master/source/lauxlib.c:1024:12                            
    #2 0x559bc12dad49 in luaM_realloc_ /home/sergeyb/sources/lua-c-api-tests/build/lua-master/source/lmem.c:180:14
    #3 0x559bc13075c2 in luaH_resize /home/sergeyb/sources/lua-c-api-tests/build/lua-master/source/ltable.c:573:14                          
    #4 0x559bc1301185 in init_registry /home/sergeyb/sources/lua-c-api-tests/build/lua-master/source/lstate.c:220:3                         
    #5 0x559bc12fff52 in f_luaopen /home/sergeyb/sources/lua-c-api-tests/build/lua-master/source/lstate.c:235:3
    #6 0x559bc12a786e in luaD_rawrunprotected /home/sergeyb/sources/lua-c-api-tests/build/lua-master/source/ldo.c:144:3
    #7 0x559bc12ff9aa in lua_newstate /home/sergeyb/sources/lua-c-api-tests/build/lua-master/source/lstate.c:407:7 
    #8 0x559bc137486f in luaL_newstate /home/sergeyb/sources/lua-c-api-tests/build/lua-master/source/lauxlib.c:1095:18
    #9 0x559bc126b2f2 in LLVMFuzzerTestOneInput /home/sergeyb/sources/lua-c-api-tests/tests/luaL_addgsub_test.cc:25:17

<snipped>

luaL_gsub_test:

./build/tests/luaL_gsub_test
<snipped>

Indirect leak of 29 byte(s) in 1 object(s) allocated from:
    #0 0x5614209bd995 in realloc (/home/sergeyb/sources/lua-c-api-tests/build/tests/luaL_gsub_test+0x145995) (BuildId: d5278ec1ec3fad35fd14ebcd6b99d008099d8855)
    #1 0x561420b058cd in l_alloc /home/sergeyb/sources/lua-c-api-tests/build/lua-master/source/lauxlib.c:1024:12
    #2 0x561420a6c2cb in luaM_malloc_ /home/sergeyb/sources/lua-c-api-tests/build/lua-master/source/lmem.c:206:22
    #3 0x561420a52a93 in luaC_newobjdt /home/sergeyb/sources/lua-c-api-tests/build/lua-master/source/lgc.c:260:13
    #4 0x561420a52cf4 in luaC_newobj /home/sergeyb/sources/lua-c-api-tests/build/lua-master/source/lgc.c:271:10
    #5 0x561420a94460 in createstrobj /home/sergeyb/sources/lua-c-api-tests/build/lua-master/source/lstring.c:148:7
    #6 0x561420a9533c in internshrstr /home/sergeyb/sources/lua-c-api-tests/build/lua-master/source/lstring.c:208:8
    #7 0x561420a941b2 in luaS_newlstr /home/sergeyb/sources/lua-c-api-tests/build/lua-master/source/lstring.c:223:12
    #8 0x561420b1dcd3 in luaX_init /home/sergeyb/sources/lua-c-api-tests/build/lua-master/source/llex.c:72:16
    #9 0x561420a90e7d in f_luaopen /home/sergeyb/sources/lua-c-api-tests/build/lua-master/source/lstate.c:238:3
    #10 0x561420a3877e in luaD_rawrunprotected /home/sergeyb/sources/lua-c-api-tests/build/lua-master/source/ldo.c:144:3
    #11 0x561420a908ba in lua_newstate /home/sergeyb/sources/lua-c-api-tests/build/lua-master/source/lstate.c:407:7
    #12 0x561420b0577f in luaL_newstate /home/sergeyb/sources/lua-c-api-tests/build/lua-master/source/lauxlib.c:1095:18
    #13 0x5614209fc2f2 in LLVMFuzzerTestOneInput /home/sergeyb/sources/lua-c-api-tests/tests/luaL_gsub_test.cc:25:17

<snipped>

Is it a false positive or not?

`luaL_loadbuffer_proto_test` often fails due to OOM

==85855== ERROR: libFuzzer: out-of-memory (used: 2106Mb; limit: 2048Mb)
   To change the out-of-memory limit use -rss_limit_mb=<N>

Live Heap Allocations: 1832284269 bytes in 4368 chunks; quarantined: 216 bytes in 3 chunks; 32943 other chunks; total chunks: 37314; showing top 95% (at most 8 unique contexts)
1073741824 byte(s) (58%) in 1 allocation(s)
    #0 0x563870d0804c in realloc (/home/sergeyb/sources/lua-c-api-tests/build/luajit/tests/capi/luaL_loadbuffer_proto/luaL_loadbuffer_proto_test+0x1ce04c) (BuildId: 6442122e9e32b5e4298f4307ab6fbf1553060f5f)
    #1 0x563870eb426d in lj_mem_realloc /home/sergeyb/sources/lua-c-api-tests/build/luajit/luajit-v2.1/source/src/lj_gc.c:880:7
    #2 0x563870eb8e34 in buf_grow /home/sergeyb/sources/lua-c-api-tests/build/luajit/luajit-v2.1/source/src/lj_buf.c:34:17
    #3 0x563870eb987e in lj_buf_more2 /home/sergeyb/sources/lua-c-api-tests/build/luajit/luajit-v2.1/source/src/lj_buf.c
    #4 0x563870ec9b50 in lj_buf_more /home/sergeyb/sources/lua-c-api-tests/build/luajit/luajit-v2.1/source/src/./lj_buf.h:109:12
    #5 0x563870ec9b50 in lj_meta_cat /home/sergeyb/sources/lua-c-api-tests/build/luajit/luajit-v2.1/source/src/lj_meta.c:289:7
    #6 0x563870ea7944 in lj_BC_CAT /home/sergeyb/sources/lua-c-api-tests/build/luajit/luajit-v2.1/source/src/lj_vm.S:428

733762868 byte(s) (40%) in 7 allocation(s)
    #0 0x563870d0804c in realloc (/home/sergeyb/sources/lua-c-api-tests/build/luajit/tests/capi/luaL_loadbuffer_proto/luaL_loadbuffer_proto_test+0x1ce04c) (BuildId: 6442122e9e32b5e4298f4307ab6fbf1553060f5f)
    #1 0x563870eb426d in lj_mem_realloc /home/sergeyb/sources/lua-c-api-tests/build/luajit/luajit-v2.1/source/src/lj_gc.c:880:7
    #2 0x563870e02401 in lj_str_alloc /home/sergeyb/sources/lua-c-api-tests/build/luajit/luajit-v2.1/source/src/lj_str.c:287:14
    #3 0x563870e01891 in lj_str_new /home/sergeyb/sources/lua-c-api-tests/build/luajit/luajit-v2.1/source/src/lj_str.c:359:12
    #4 0x563870ec9977 in lj_buf_str /home/sergeyb/sources/lua-c-api-tests/build/luajit/luajit-v2.1/source/src/./lj_buf.h:195:10
    #5 0x563870ec9977 in lj_meta_cat /home/sergeyb/sources/lua-c-api-tests/build/luajit/luajit-v2.1/source/src/lj_meta.c:304:23
    #6 0x563870ea7944 in lj_BC_CAT /home/sergeyb/sources/lua-c-api-tests/build/luajit/luajit-v2.1/source/src/lj_vm.S:428

SUMMARY: libFuzzer: out-of-memory

reproducer
-------------------------
local DEFAULT_NUMBER = 1

local always_number = function(val)
    return tonumber(val) or DEFAULT_NUMBER
end

local not_nan_and_nil = function(val)
    return (val ~= val or val == nil) and DEFAULT_NUMBER or val
end

local __add = function(v1, v2)
    return always_number(v1) + always_number(v2)
end
local __call = function(self)
    return self
end
local __concat = function(v1, v2)
    return tostring(v1) .. tostring(v2)
end
local __div = function(v1, v2)
    return always_number(v1) / always_number(v2)
end
local __index = function(self, key)
    if type(self) == 'table' then
        return rawget(self, key)
    end
    return always_number(key)
end
local __le = function(v1, v2)
    if type(v1) == 'number' and type(v2) == 'number' then
        return v1 <= v2 -- Numeric comparison.
    elseif type(v1) == 'string' and type(v2) == 'string' then
        return v1 <= v2 -- Lexicographic comparison.
    else
        return always_number(v1) <= always_number(v2)
    end
end
local __len = function(_v)
    return DEFAULT_NUMBER
end
local __lt = function(v1, v2)
    if type(v1) == 'number' and type(v2) == 'number' then
        return v1 < v2 -- Numeric comparison.
    elseif type(v1) == 'string' and type(v2) == 'string' then
        return v1 < v2 -- Lexicographic comparison.
    else
        return always_number(v1) < always_number(v2)
    end
end
local __mod = function(v1, v2)
    return always_number(v1) % always_number(v2)
end
local __mul = function(v1, v2)
    return always_number(v1) * always_number(v2)
end
local __newindex = function(self, key, value)
    if type(self) == 'table' then
        if key ~= key or key == nil then
            key = tostring(key)
        end
        rawset(self, key, value)
    end
end
local __pow = function(v1, v2)
    return always_number(v1) ^ always_number(v2)
end
local __sub = function(v1, v2)
    return always_number(v1) - always_number(v2)
end
local __unm = function(v)
    return - always_number(v)
end

debug.setmetatable('string', {
    __add = __add,
    __call = __call,
    __div = __div,
    __index = __index,
    __mod = __mod,
    __mul = __mul,
    __newindex = __newindex,
    __pow = __pow,
    __sub = __sub,
    __unm = __unm,
})
debug.setmetatable(0, {
    __add = __add,
    __call = __call,
    __concat = __concat,
    __div = __div,
    __index = __index,
    __len = __len,
    __newindex = __newindex,
})
debug.setmetatable(nil, {
    __add = __add,
    __call = __call,
    __concat = __concat,
    __div = __div,
    __index = __index,
    __le = __le,
    __len = __len,
    __lt = __lt,
    __mod = __mod,
    __mul = __mul,
    __newindex = __newindex,
    __pow = __pow,
    __sub = __sub,
    __unm = __unm,
})
debug.setmetatable(function() end, {
    __add = __add,
    __concat = __concat,
    __div = __div,
    __index = __index,
    __le = __le,
    __len = __len,
    __lt = __lt,
    __mod = __mod,
    __mul = __mul,
    __newindex = __newindex,
    __pow = __pow,
    __sub = __sub,
    __unm = __unm,
})
debug.setmetatable(true, {
    __add = __add,
    __call = __call,
    __concat = __concat,
    __div = __div,
    __index = __index,
    __le = __le,
    __len = __len,
    __lt = __lt,
    __mod = __mod,
    __mul = __mul,
    __newindex = __newindex,
    __pow = __pow,
    __sub = __sub,
    __unm = __unm,
})
local table_mt = {
    __add = __add,
    __call = __call,
    __concat = __concat,
    __div = __div,
    __le = __le,
    __len = __len,
    __lt = __lt,
    __mod = __mod,
    __mul = __mul,
    __newindex = __newindex,
    __pow = __pow,
    __sub = __sub,
    __unm = __unm,
}

local only_numbers_cmp = function(v1, v2, cmp_op_str)
    local op_func = {
        ['<'] = function(a1, a2) return a1 < a2 end,
        ['<='] = function(a1, a2) return a1 <= a2 end,
        ['>'] = function(a1, a2) return a1 > a2 end,
        ['>='] = function(a1, a2) return a1 >= a2 end,
    }
    if type(v1) == 'number' and
       type(v2) == 'number' then
        return op_func[cmp_op_str](v1, v2)
    end
    return false
end

---------------------- END OF PREAMBLE ----------------------------

-- REPRO 1: string length overflow
--
--[[
counter_0 = 0
Name0 = 'Name' ;
repeat
if counter_0 > 5 then break end
counter_0 = counter_0 + 1
Name0, ( (setmetatable({ [ not_nan_and_nil('Name') ] = Name0 }, table_mt))()):Name0  (setmetatable({  }, table_mt))()['Name']  = (Name0 .. Name0) .. ('Name' .. Name0) .. Name0, 'Name', 'Name' ;
Name0 = Name0 .. Name0 .. (Name0 .. Name0) .. ('Name' and Name0) .. Name0 .. Name0, true ;
until nil;
]]

-- REPRO 2: not enough memory
--
--[[
counter_0 = 0
Name0 = 'Name' ;
repeat
if counter_0 > 5 then break end
counter_0 = counter_0 + 1
Name0, ( (setmetatable({ [ not_nan_and_nil('Name') ] = Name0 }, table_mt))()):Name0  (setmetatable({  }, table_mt))()['Name']  = (Name0 .. Name0) .. ('Name' .. Name0) .. Name0, 'Name', 'Name' ;
Name0 = Name0 .. Name0 .. (Name0 .. Name0) .. ('Name' and Name0) .. Name0 .. Name0, true ;
until nil;
]]

protobuf struct

chunk {
  stat {
  }
  stat {
    repeatcycle {
      block {
        chunk {
          stat {
            list {
              varlist {
                var {
                }
                vars {
                  indexexpr {
                    prefixexp {
                      functioncall {
                        namedArgs {
                          prefixexp {
                            exp {
                              tableconstructor {
                                fieldlist {
                                  firstField {
                                    exprassign {
                                      key {
                                      }
                                      value {
                                        prefixexp {
                                        }
                                      }
                                    }
                                  }
                                }
                              }
                            }
                          }
                          name {
                            name: ""
                            num: 0
                          }
                          args {
                          }
                        }
                      }
                    }
                    exp {
                    }
                  }
                }
              }
              explist {
                expressions {
                  binary {
                    leftexp {
                      prefixexp {
                        exp {
                          binary {
                            leftexp {
                              prefixexp {
                              }
                            }
                            binop {
                              concat: 4
                            }
                            rightexp {
                              prefixexp {
                              }
                            }
                          }
                        }
                      }
                    }
                    binop {
                      concat: 4
                    }
                    rightexp {
                      binary {
                        leftexp {
                          prefixexp {
                            exp {
                              binary {
                                leftexp {
                                }
                                binop {
                                  concat: 0
                                }
                                rightexp {
                                  prefixexp {
                                  }
                                }
                              }
                            }
                          }
                        }
                        binop {
                          concat: 4
                        }
                        rightexp {
                          prefixexp {
                          }
                        }
                      }
                    }
                  }
                }
                expressions {
                }
                explast {
                }
              }
            }
          }
          stat {
            list {
              varlist {
                var {
                }
              }
              explist {
                expressions {
                  binary {
                    leftexp {
                      binary {
                        leftexp {
                          prefixexp {
                          }
                        }
                        binop {
                          concat: 4
                        }
                        rightexp {
                          prefixexp {
                          }
                        }
                      }
                    }
                    binop {
                      concat: 0
                    }
                    rightexp {
                      binary {
                        leftexp {
                          binary {
                            leftexp {
                              prefixexp {
                                exp {
                                  binary {
                                    leftexp {
                                      prefixexp {
                                      }
                                    }
                                    binop {
                                      concat: 4
                                    }
                                    rightexp {
                                      prefixexp {
                                      }
                                    }
                                  }
                                }
                              }
                            }
                            binop {
                              concat: 4
                            }
                            rightexp {
                              binary {
                                leftexp {
                                  prefixexp {
                                    exp {
                                      binary {
                                        leftexp {
                                        }
                                        binop {
                                          and: 0
                                        }
                                        rightexp {
                                          prefixexp {
                                          }
                                        }
                                      }
                                    }
                                  }
                                }
                                binop {
                                  concat: 4
                                }
                                rightexp {
                                  prefixexp {
                                  }
                                }
                              }
                            }
                          }
                        }
                        binop {
                          concat: 4
                        }
                        rightexp {
                          prefixexp {
                          }
                        }
                      }
                    }
                  }
                }
                explast {
                  true: 5
                }
              }
            }
          }
        }
      }
      condition {
        nil: 0
      }
    }
  }
}
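
The OOM report above shows concatenation (`lj_meta_cat`) growing a string geometrically until libFuzzer's RSS limit aborts the process. The following is an added example, not code from this issue or from the project: a memory-capped allocator with the `lua_Alloc` signature that refuses the request instead, so the interpreter can raise an ordinary "not enough memory" error. The names `mem_cap`, `capped_alloc` and `doublings_until_denied` are hypothetical, and it is an assumption that the harness and interpreter build accept a custom allocator through `lua_newstate`.

```c
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical accounting record, passed as the allocator's `ud` argument. */
struct mem_cap {
    size_t used;   /* bytes currently handed out */
    size_t limit;  /* hard ceiling, chosen well below -rss_limit_mb */
    size_t denied; /* number of refused requests */
};

/*
 * Same contract as lua_Alloc: nsize == 0 frees, anything else (re)allocates.
 * When ptr is NULL, Lua 5.2+ passes an object-type tag in osize rather than
 * a size, so osize is only trusted for accounting when ptr is non-NULL.
 */
void *capped_alloc(void *ud, void *ptr, size_t osize, size_t nsize)
{
    struct mem_cap *cap = ud;
    size_t old = ptr ? osize : 0;

    if (nsize == 0) {
        free(ptr);
        cap->used -= old;
        return NULL;
    }
    /* Refuse growth past the cap; the old block stays valid for the caller. */
    if (nsize > old && nsize - old > cap->limit - cap->used) {
        cap->denied++;
        return NULL;
    }
    void *p = realloc(ptr, nsize);
    if (p == NULL)
        return NULL;
    cap->used = cap->used - old + nsize;
    return p;
}

/*
 * Constructed driver: grow one buffer by doubling, as repeated `s = s .. s`
 * does in the reproducer, and count the doublings that fit under the cap.
 * Returns (size_t)-1 if the accounting does not return to zero afterwards.
 */
size_t doublings_until_denied(size_t limit)
{
    struct mem_cap cap = { 0, limit, 0 };
    size_t size = 4; /* strlen("Name") */
    size_t rounds = 0;
    void *buf = capped_alloc(&cap, NULL, 0, size);

    while (buf != NULL) {
        void *grown = capped_alloc(&cap, buf, size, size * 2);
        if (grown == NULL)
            break;
        buf = grown;
        size *= 2;
        rounds++;
    }
    if (buf != NULL)
        capped_alloc(&cap, buf, size, 0);
    return cap.used == 0 ? rounds : (size_t)-1;
}
```

With a 1 MiB cap the driver stops after 18 doublings, which shows how few loop iterations a fuzzer-generated concatenation chain needs to exhaust any fixed limit.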
