I'm not sure if this qualifies as a bug, but lua_pushcclosure doesn't verify
that the upvalues actually exist on the stack.  If they don't then invalid
values will be put on the stack for the function call, causing a crash if
they are accessed.  Following is an example.

-John


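  #include <stdio.h>
  #include <lua.h>
  #include <lualib.h>

  /* Reads the value at the top of the stack, where the upvalue is expected. */
  int callhandler( lua_State* L )
  {
    printf( "%s\n", lua_type(L, -1) );
    return 0;
  }

  int main()
  {
    lua_State* L = lua_open( 0 );
    lua_baselibopen( L );
    /* Asks for 1 upvalue, but nothing has been pushed onto the stack. */
    lua_pushcclosure( L, callhandler, 1 );  // oops
    lua_setglobal( L, "crasher" );
    lua_dostring( L, "print('hi'); crasher(); print('bye');" );
    return 0;
  }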
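
The missing check, sketched as an added example on a constructed miniature stack (not Lua's code and not part of the original post): the closure constructor refuses an upvalue count larger than the number of values actually present. `Stack`, `Closure`, `closure_base` and `push_closure_checked` are hypothetical names; against the real API the equivalent guard compares the upvalue count with `lua_gettop(L)` before calling `lua_pushcclosure`.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of a value stack; a stand-in for the Lua stack,
   not Lua's own data structures. */
#define STACK_MAX    16
#define MAX_UPVALUES 4

typedef struct { int slots[STACK_MAX]; int top; } Stack;   /* top = count of live values */
typedef struct { int upvalues[MAX_UPVALUES]; int nupvalues; } Closure;

int stack_push(Stack *s, int v)
{
    if (s->top >= STACK_MAX) return 0;
    s->slots[s->top++] = v;
    return 1;
}

/* Index an unchecked implementation would start copying upvalues from.
   A negative result means the read begins below the bottom of the stack. */
int closure_base(const Stack *s, int n) { return s->top - n; }

/* Checked variant: moves the top n values into the closure, or returns 0
   and leaves stack and closure untouched when n values are not present. */
int push_closure_checked(Stack *s, Closure *c, int n)
{
    if (n < 0 || n > MAX_UPVALUES || n > s->top) return 0;
    memcpy(c->upvalues, &s->slots[s->top - n], (size_t)n * sizeof(int));
    c->nupvalues = n;
    s->top -= n;
    return 1;
}

int main(void)
{
    Stack s = { {0}, 0 };
    Closure c = { {0}, 0 };
    int ok;

    /* The case from the post: one upvalue requested, nothing pushed. */
    printf("unchecked base index: %d\n", closure_base(&s, 1));
    printf("checked result on empty stack: %d\n", push_closure_checked(&s, &c, 1));

    stack_push(&s, 42);
    ok = push_closure_checked(&s, &c, 1);
    printf("checked result after push: %d, upvalue=%d\n", ok, c.upvalues[0]);
    return 0;
}
```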