SIGSEGV when using ffi.string with char[?] VLA

[piotrp]

Reproduction case:

1. Save as ffi_sigsegv.lua

local ffi = require "ffi"
local t_char = ffi.typeof("char[?]")

for i = 1, 10000 do
  local str = "abc" .. i .. "bca"
  print(i)
  ffi.string(t_char(#str, str), 1)
end

print("ok")

2. Run docker run --rm -it -v "$(pwd):/work" openresty/openresty:1.19.9.1-buster-fat bash -c 'resty /work/ffi_sigsegv.lua; echo $?'

Run a few times if it prints "ok", on my system it's failing nine times out of ten. I tried running it via luajit but then I didn't manage to make it crash.

[piotrp]

Maybe LuaJIT tries to initialize my array with entirety of passed data, i.e. all characters of string str + implicit 0x0 to terminate it? But that shouldn't be the case.

[doujiang24]

Interesting, I do think it is a bug.

[doujiang24]

i.e. all characters of string str + implicit 0x0 to terminate it?

Yes, you are right. It's indeed the behaviour of the official LuaJIT.

I found the source code here:
https://github.com/LuaJIT/LuaJIT/blob/v2.1/src/lj_cconv.c#L591

I have created a issue in official LuaJIT repo: LuaJIT/LuaJIT#758
So, closing this issue.

Thanks for your report, it's interesting anyway.