Bug in Lua code generator

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Bug in Lua code generator
From: "Rici Lake" <lua@...>
Date: Sun, 29 Apr 2007 00:37:19 +0100 (BST)

(This bug was discovered by David Manura.)

The unary operators, OP_UNM, OP_LEN and OP_NOT do not allow constants for
the B operand. It's not clear to me why not, but in any case, the test at
line 702 of lcode.c is incorrect:

     if (e->k == VK)

The expression at that point could be nil or a boolean, in which case it
will not be placed into a register and  <OP_UNM r, k> will be produced.
This can be demonstrated:

-bash-2.05b$ src/luac -l -l -
return -nil
^D
main <stdin:0,0> (3 instructions, 12 bytes at 0x8065000)
0+ params, 2 slots, 0 upvalues, 0 locals, 1 constant, 0 functions
        1       [1]     UNM             0 -1
        2       [1]     RETURN          0 2
        3       [1]     RETURN          0 1
constants (1) for 0x8065000:
        1       nil
locals (0) for 0x8065000:
upvalues (0) for 0x8065000:
-bash-2.05b$ src/lua luac.out
src/lua: luac.out: bad code in precompiled chunk


On Windows, this causes a segfault if the vm code is not checked. It
presumably could cause arbitrary behaviour on other OS's as well.

The solution would be either to make OP_UNM accept RK(B) instead of just
R(B), or to change the test in line 702 of lcode.c to include VNIL, VFALSE
and VTRUE

Follow-Ups:
- Re: Bug in Lua code generator, Roberto Ierusalimschy

Prev by Date: Re: Precompile my Lua Library Code
Next by Date: Re: Lua string
Previous by thread: Re: abort a lua_newthread from C and re-use its lua_State?
Next by thread: Re: Bug in Lua code generator
Index(es):
- Date
- Thread