Skip to content

#21 call asan on setjmp #22

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
balupillai wants to merge 4 commits into
base: main
Choose a base branch
from
Open

#21 call asan on setjmp #22

Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
8148e45
#21 call asan on setjmp
balupillai Apr 2, 2026
bb9f3f1
#21 call asan on setjmp
balupillai Apr 2, 2026
e0df8a3
#21 call asan on setjmp
balupillai Apr 2, 2026
18b1507
#lua-21 cleanup
balupillai Apr 14, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 9 additions & 1 deletion src/thrlua.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -218,7 +218,15 @@ struct lua_longjmp {
# define LUA_ASMNAME(x) _##x
#endif

#if LUA_ARCH_X86_64
/*
** Under AddressSanitizer, use system setjmp/longjmp so ASAN can
** intercept them and properly unpoison skipped stack frames.
** The custom asm versions bypass ASAN and cause false positives.
*/
#if defined(__SANITIZE_ADDRESS__)
# define lua_do_setjmp setjmp
# define lua_do_longjmp longjmp
Copy link
Copy Markdown

@cursor cursor Bot Apr 14, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ASAN detection misses Clang before version 21

Low Severity

The ASAN check uses only __SANITIZE_ADDRESS__, which GCC has supported since 4.8 but Clang only added in version 21 (2026). Clang versions before 21 use __has_feature(address_sanitizer) instead. Builds with older Clang and -fsanitize=address will silently skip this block and continue using the custom asm setjmp/longjmp, defeating the purpose of the ASAN fix. The common portable pattern checks both: defined(__SANITIZE_ADDRESS__) || (defined(__has_feature) && __has_feature(address_sanitizer)).

Fix in Cursor Fix in Web

Reviewed by Cursor Bugbot for commit 27c45ad. Configure here.

Copy link
Copy Markdown

@cursor cursor Bot May 14, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ASAN path incorrectly triggers extern declarations for setjmp

Medium Severity

When __SANITIZE_ADDRESS__ is defined, lua_do_setjmp is #define'd to setjmp before the #ifdef lua_do_setjmp guard on line 239, causing the extern declaration block (designed for custom asm symbols) to be entered. The declarations expand through the platform's setjmp macro — on glibc this happens to produce a valid _setjmp re-declaration, but on platforms where setjmp(env) expands to e.g. sigsetjmp(env, 1), the result is invalid syntax. The ASAN path duplicates the intent of the #else fallback on lines 243–245 but inadvertently goes through the wrong code path.

Additional Locations (1)
Fix in Cursor Fix in Web

Reviewed by Cursor Bugbot for commit 18b1507. Configure here.

#elif LUA_ARCH_X86_64
# define lua_do_setjmp LUA_ASMNAME(lua_setjmp_amd64)
# define lua_do_longjmp LUA_ASMNAME(lua_longjmp_amd64)
#elif LUA_ARCH_I386
Expand Down