TROPHIES.md
PUC Rio Lua

  1. "Re: More disciplined use of 'getstr' and 'tsslen'", https://marc.info/?l=lua-l&m=169289729129364&w=2#2, https://github.com/lua/lua/commit/9b4f39ab14fb2e55345c3d23537d129dac23b091
  2. Stack overflow in getobjname, https://marc.info/?l=lua-l&m=169867263111530&w=2, https://github.com/lua/lua/commit/7923dbbf72da303ca1cca17efd24725668992f15
  3. Heap buffer overflow in luaC_newobjdt, https://marc.info/?l=lua-l&m=170274071304413&w=2, https://github.com/lua/lua/commit/5853c37a83ec66ccb45094f9aeac23dfdbcde671
  4. "heap-use-after-free" issue in luaV_finishget, https://groups.google.com/g/lua-l/c/s2hBcf8aLIU, https://github.com/lua/lua/commit/88a50ffa715483e7187c0d7d6caaf708ebacf756
  5. Assertion in luaK_codeABCk, https://groups.google.com/g/lua-l/c/H0Iq-eAig94

LuaJIT

  1. 0th register may be considered as RID_NONE in asm_head_side, LuaJIT/LuaJIT#1016, https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=58555
  2. Use-def analysis for VARG doesn't purge some dead JIT slots, LuaJIT/LuaJIT#1024
  3. ASSERT: itype2irt(tv) == ((IRType)(((&J->fold.ins)->t).irt & IRT_TYPE)), LuaJIT/LuaJIT#981, https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=57424
  4. ASSERT: bc_isret(((BCOp)((ins[-1])&0xff))), LuaJIT/LuaJIT#913, https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=57548
  5. Crash during parsing in the predict_next(), LuaJIT/LuaJIT#1033
  6. Incorrect PC value in a function predict_next, LuaJIT/LuaJIT#1054
  7. VM handler call on constructed testcase, LuaJIT/LuaJIT#1087
  8. Red zone overflow on trace compilation, LuaJIT/LuaJIT#1116
  9. IR_NEWREF is missing a NaN check, LuaJIT/LuaJIT#1069
  10. Heap-use-after-free in lj_gc_finalize_cdata on access to CTState->finalizer, LuaJIT/LuaJIT#1168
  11. Down-recursion of a side trace may corrupt the host stack, LuaJIT/LuaJIT#1169
  12. GC64 mode may overflow the LJ_MAX_JSLOTS limit for a stitched trace, LuaJIT/LuaJIT#1173
  13. State not restored during recording if __concat metamethod throws an error, LuaJIT/LuaJIT#1234, https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69897
  14. Uninitialized cts->L and error handling issues in recff_cdata_arith, LuaJIT/LuaJIT#1224
  15. OOM errors during GC step raising in the context of a JIT trace, LuaJIT/LuaJIT#1247, tarantool/tarantool#10290
  16. stack-buffer-overflow in narrow_conv_backprop, LuaJIT/LuaJIT#1262, https://oss-fuzz.com/testcase?key=6250635821907968

Tarantool

  1. Assertion 'ls->p < ls->pe' failed: lj_bcread.c:122: uint32_t bcread_byte(LexState *), tarantool/tarantool#4824
  2. Fix narrowing of unary minus, tarantool/tarantool#6976
  3. ASSERT: lj_obj_equal(tv, &tvk), LuaJIT/LuaJIT#9, https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=57435
  4. Recording of __concat in GC64 mode, LuaJIT/LuaJIT#839