
Commit cb1a953

readme: add known issues
1 parent 9348ca6 commit cb1a953

1 file changed

+30
-0
lines changed

README.md

Lines changed: 30 additions & 0 deletions
@@ -66,6 +66,36 @@ cd build && RUNS=100000 ctest -R luaL_gsub_test --verbose
6666
- [Lua 5.2 Reference Manual: 4 – The Application Program Interface](https://www.lua.org/manual/5.2/manual.html#4)
6767
- [Lua 5.1 Reference Manual: 3 – The Application Program Interface](https://www.lua.org/manual/5.1/manual.html#3)
6868

69+
### Known Issues
70+
71+
Fuzzing can find a wide variety of problems, but not all problems
72+
are considered bugs. Some problems are due to known limitations in
73+
the implementation. This section contains a list of such
74+
limitations in LuaJIT and PUC Rio Lua:
75+
76+
1. LuaJIT build infrastructure has source code that contains
77+
memory leaks and other problems. For example,
78+
`src/host/buildvm.c` and `src/host/minilua.c`. Suppressed in
79+
AddressSanitizer with function `__lsan_is_turned_off()` that
80+
disallow leak checking for the program it is linked into.
81+
1. Bytecode input is unsafe in LuaJIT, see
82+
https://github.com/LuaJIT/LuaJIT/issues/847 and https://luajit.org/faq.html#sandbox.
83+
The string "mode" controls whether the chunk can be text or binary
84+
(that is, a precompiled chunk). It may be the string "b" (only binary
85+
chunks), "t" (only text chunks), or "bt" (both binary and text). The
86+
default is "bt". Lua runtime (at least PUC Rio Lua and LuaJIT)
87+
has bytecode and Lua parsers. It is desired to test both
88+
parsers, however, in LuaJIT bytecode parser failed with assertion:
89+
LuaJIT ASSERT `lj_bcread.c:123: bcread_byte: buffer read overflow`
90+
so in LuaJIT only text mode is used and therefore only text parser is
91+
tested.
92+
1. The `debug` library is defined as unsafe. There are tons of ways
93+
to produce a crash with it. See https://github.com/LuaJIT/LuaJIT/issues/1264.
94+
The `debug` functions is not a subject of testing.
95+
1. String functions `lj_str_new()` and `lj_str_cmp()` may read
96+
pass a buffer end (so called "dirty" read). Suppressed in
97+
AddressSanitizer with `__attribute__((no_sanitize_address))`.
98+
6999
### License
70100

71101
Copyright (C) 2022-2025 [Sergey Bronnikov](https://bronevichok.ru/),
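
Review bot: In the second list item (new lines 83-86), the sentence starting `The string "mode" controls` never names the function whose `mode` argument it describes, so a reader cannot tell which load call the tests restrict for LuaJIT; name the API and state explicitly that the LuaJIT tests pass mode "t". In the first item, `__lsan_is_turned_off()` is described as disabling leak checking "for the program it is linked into", so say which binaries it is linked into (only the `buildvm` and `minilua` host tools, or the fuzz targets as well), because in the second case leaks in the code under test would go unreported too. Wording: "that disallow" should be "that disallows", "The `debug` functions is not a subject of testing" should be "are not", and "read pass a buffer end" should be "read past the buffer end". The bare issue URLs could use the same Markdown link style as the reference-manual entries in the context lines above.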
