lua-l archive



Mike Pall just reported the following bug:

> $ ulimit -s 1024       # Reduce C stack to 1MB for quicker results
> $ lua -e 'local s = "a,"; for i=1,18 do s = s..s end print(loadstring("local a"..s.."a=nil", ""))'
> Segmentation fault
> $
> 
> The problem is in lparser.c:assignment(). The RHS parser checks for
> overflow (in luaK_*, limit MAXSTACK). Unfortunately the LHS parser needs
> to complete first and has no such overflow check.  This can blow up the
> C stack easily (especially on embedded platforms).

The patch is two lines in lparser.c:

@@ -938,6 +938,8 @@
     primaryexp(ls, &nv.v);
     if (nv.v.k == VLOCAL)
       check_conflict(ls, lh, &nv.v);
+    luaY_checklimit(ls->fs, ls->L->nCcalls + nvars, LUAI_MAXCCALLS,
+                    "variable names");
     assignment(ls, &nv, nvars+1);
   }
   else {  /* assignment -> `=' explist1 */
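Review bot: the added luaY_checklimit call would benefit from a one-line comment explaining why nvars is added to ls->L->nCcalls: assignment() recurses once per left-hand-side variable (the `assignment(ls, &nv, nvars+1);` call just below), so each pending variable is one more C stack frame, and the sum is the effective C nesting depth being bounded by LUAI_MAXCCALLS. A second, smaller point: the limit string "variable names" describes only the nvars part of the compared quantity, so the number reported when the limit trips will not match the count of names the user actually wrote in the statement; a comment beside the check, or a string that mentions nesting depth, would avoid that confusion.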


-- Roberto