bug

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: bug
From: roberto@... (Roberto Ierusalimschy)
Date: Tue, 31 Jul 2007 16:23:06 -0300

Mike Pall just reported the following bug:

> $ ulimit -s 1024       # Reduce C stack to 1MB for quicker results
> $ lua -e 'local s = "a,"; for i=1,18 do s = s..s end print(loadstring("local a"..s.."a=nil", ""))'
> Segmentation fault
> $
> 
> The problem is in lparser.c:assignment(). The RHS parser checks for
> overflow (in luaK_*, limit MAXSTACK). Unfortunately the LHS parser needs
> to complete first and has no such overflow check.  This can blow up the
> C stack easily (especially on embedded platforms).

The patch is two lines in lparser.c:

@@ -938,6 +938,8 @@
     primaryexp(ls, &nv.v);
     if (nv.v.k == VLOCAL)
       check_conflict(ls, lh, &nv.v);
+    luaY_checklimit(ls->fs, ls->L->nCcalls + nvars, LUAI_MAXCCALLS,
+                    "variable names");
     assignment(ls, &nv, nvars+1);
   }
   else {  /* assignment -> `=' explist1 */


-- Roberto

Follow-Ups:
- Re: bug, Anders Bergh

Prev by Date: Re: lists with nil play nice for Lua 5.2
Next by Date: Re: lists with nil play nice for Lua 5.2
Previous by thread: Re: Files and directories manipulation
Next by thread: Re: bug
Index(es):
- Date
- Thread