- Subject: bug
- From: roberto@... (Roberto Ierusalimschy)
- Date: Tue, 31 Jul 2007 16:23:06 -0300
Mike Pall just reported the following bug:
> $ ulimit -s 1024 # Reduce C stack to 1MB for quicker results
> $ lua -e 'local s = "a,"; for i=1,18 do s = s..s end print(loadstring("local a"..s.."a=nil", ""))'
> Segmentation fault
> $
>
> The problem is in lparser.c:assignment(). The RHS parser checks for
> overflow (in luaK_*, limit MAXSTACK). Unfortunately the LHS parser needs
> to complete first and has no such overflow check. This can blow up the
> C stack easily (especially on embedded platforms).
The patch is two lines in lparser.c:
@@ -938,6 +938,8 @@
primaryexp(ls, &nv.v);
if (nv.v.k == VLOCAL)
check_conflict(ls, lh, &nv.v);
+ luaY_checklimit(ls->fs, ls->L->nCcalls + nvars, LUAI_MAXCCALLS,
+ "variable names");
assignment(ls, &nv, nvars+1);
}
else { /* assignment -> `=' explist1 */
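Review bot: the added check compares `ls->L->nCcalls + nvars` against LUAI_MAXCCALLS but labels the failure "variable names", so it can fire when the number of names on the left-hand side is well below LUAI_MAXCCALLS, and the message then points the user at the wrong quantity. Consider a short comment above the call stating that it bounds the C recursion of `assignment(ls, &nv, nvars+1)`, or express the test as nvars against the remaining call budget so the value and the label agree.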
-- Roberto
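
The failure mode described in the report, reduced to a toy parser in C: one recursive call per left-hand-side name, with a depth check placed before the recursion as the patch does. This is an added illustration, not code from Lua or from the patch; `toy_assignment`, `toy_parse_names` and `TOY_MAXDEPTH` are hypothetical names, and the toy does not model `nCcalls`.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical limit, playing the role LUAI_MAXCCALLS has in the patch. */
#define TOY_MAXDEPTH 200

enum { PARSE_OK = 0, PARSE_SYNTAX = -1, PARSE_TOO_DEEP = -2 };

/* One recursive call per left-hand-side name, the same shape as
   lparser.c:assignment(): the '=' is reached only after every name is read,
   so without a guard the recursion depth is chosen by the input. */
static int toy_assignment(const char **p, int nvars) {
    if (**p != 'a') return PARSE_SYNTAX;   /* every name is "a" in this toy */
    (*p)++;
    if (**p == ',') {
        (*p)++;
        /* Guard before recursing, where the patch calls luaY_checklimit. */
        if (nvars > TOY_MAXDEPTH) return PARSE_TOO_DEEP;
        return toy_assignment(p, nvars + 1);
    }
    return (**p == '=') ? PARSE_OK : PARSE_SYNTAX;
}

/* Build "a,a,...,a=" with n names (constructed input) and parse it. */
int toy_parse_names(size_t n) {
    char *src = malloc(2 * n + 1), *w = src;
    const char *p = src;
    int rc;
    if (src == NULL || n == 0) { free(src); return PARSE_SYNTAX; }
    for (size_t i = 0; i < n; i++) { *w++ = 'a'; *w++ = ','; }
    w[-1] = '=';                           /* replace the trailing comma */
    *w = '\0';
    rc = toy_assignment(&p, 1);
    free(src);
    return rc;
}

int main(void) {
    /* 2^18 names: the size reached by doubling a two-byte string 18 times. */
    return toy_parse_names((size_t)1 << 18) == PARSE_TOO_DEEP ? 0 : 1;
}
```

With the guard in place the parser rejects the oversized statement after a bounded number of calls instead of recursing once per name.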