lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]


> > Warning : implicit arithmetic conversion from 'int' to 'unsigned int'
> > lstring.c line 65     h = lmod(h, tb->size);
> 
> Here, 'h' really shouldn't be reused. Indexing with ints vs.
> unsigned ints makes a difference on some platforms.

I am afraid I missed you here.


> > Warning : implicit arithmetic conversion from 'unsigned long' to 'long'
> > lstrlib.c line 31     lua_pushinteger(L, l);
> >
> > Warning : implicit arithmetic conversion from 'long' to 'unsigned long'
> > lstrlib.c line 50       lua_pushlstring(L, s+start-1, end-start+1);
> >
> > Warning : implicit arithmetic conversion from 'unsigned long' to 'long'
> > lstrlib.c line 112     if ((size_t)pose > l) pose = l;
> 
> These look like potential security holes on first inspection. But
> I don't think it's possible to create a string bigger than half
> the virtual address space (e.g. >2GB on a 32 bit OS) in the first
> place. So a few casts should silence them.

The 'long' and 'unsigned long' reported here are actually ptrdiff_t
and size_t. If the compiler allows a string bigger than half the
virtual address space, it is its problem to provide a ptrdiff_t large
enough to count those sizes.


> > Warning : implicit arithmetic conversion from 'unsigned long' to 'long'
> > lstrlib.c line 651     int max_s = aL_optinteger(L, ( 4), ( srcl+1)));
> 
> This is a real bug, because sizeof(size_t) may be larger than
> sizeof(int), e.g. on a 64 bit OS.

That is true. Thanks!

-- Roberto