From 046129dbdda5261c1b17469a2895a113d14c070a Mon Sep 17 00:00:00 2001
From: Mike Pall <mike>
Date: Tue, 27 Feb 2018 23:02:23 +0100
Subject: [PATCH 34/72] Fix rechaining of pseudo-resurrected string keys.
This is a serious bug. But extremely hard to reproduce, so it went
undetected for 8 years. One needs two resurrections with different
main nodes, which are both in a hash chain which gets relinked on
key insertion where the colliding node is in a non-main position. Phew.
Thanks to lbeiming.
---
src/lj_tab.c | 23 +++++++++++++++++++++++
1 file changed, 23 insertions(+)
diff --git a/src/lj_tab.c b/src/lj_tab.c
index 50f447e..f2f3c0b 100644
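--- a/src/lj_tab.c
+++ b/src/lj_tab.c
@@ -457,6 +457,29 @@ TValue *lj_tab_newkey(lua_State *L, GCtab *t, cTValue *key)
 freenode->next = nn->next;
 nn->next = n->next;
 setmref(n->next, nn);
+ /*
+ ** Rechaining a resurrected string key creates a new dilemma:
+ ** Another string key may have originally been resurrected via
+ ** _any_ of the previous nodes as a chain anchor. Including
+ ** a node that had to be moved, which makes them unreachable.
+ ** It's not feasible to check for all previous nodes, so rechain
+ ** any string key that's currently in a non-main positions.
+ */
+ while ((nn = nextnode(freenode))) {
+ if (tvisstr(&nn->key) && !tvisnil(&nn->val)) {
+ Node *mn = hashstr(t, strV(&nn->key));
+ if (mn != freenode) {
+ freenode->next = nn->next;
+ nn->next = mn->next;
+ setmref(mn->next, nn);
+ } else {
+ freenode = nn;
+ }
+ } else {
+ freenode = nn;
+ }
+ }
+ break;
 } else {
 freenode = nn;
 }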
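Review bot: The relink branch of the new inner loop is guarded only by `mn != freenode`, so it does not exclude a string key whose main node is the node being visited (`mn == nn`). In that case `nn->next = mn->next` is a no-op and `setmref(mn->next, nn)` makes `nn->next` refer to `nn` itself, leaving a self-referencing chain that any later walk over it would never leave. Whether a node in its own main position can actually sit downstream of `freenode` here cannot be confirmed from the hunk, since `lj_tab_newkey` starts and ends outside it, but the extra guard is cheap: `if (mn != freenode && mn != nn) {`. A regression test that forces two resurrections with different main nodes, as the commit message describes, would also help pin this path down.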
--
2.20.1