lua-l archive
Hi,

Roberto Ierusalimschy wrote:
> > These look like potential security holes on first inspection. But
> > I don't think it's possible to create a string bigger than half
> > the virtual address space (e.g. >2GB on a 32 bit OS) in the first
> > place. So a few casts should silence them.
> 
> The 'long' and 'unsigned long' reported here are actually ptrdiff_t
> and size_t. If the compiler allows a string bigger than half the
> virtual address space, it is its problem to provide a ptrdiff_t large
> enough to count those sizes.

Sure, this applies to C strings. But luaV_concat() may create a
string of MAX_SIZET length. And realloc()'s API allows it, too.
Maybe libc's memory allocator saves you and disallows that, but I
wouldn't count on it.

Using MAX_SIZET/2 is probably safer, but too limiting for 16 bit
platforms (some have a 16 bit size_t and a 32 bit ptrdiff_t).

Bye,
     Mike
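An added example (not code from this thread or from Lua itself) of the length check under discussion: a concatenation that rejects any total length whose size_t value would not survive a cast to ptrdiff_t. The bound is taken from PTRDIFF_MAX rather than MAX_SIZET/2, so it stays correct where ptrdiff_t is wider than size_t, the 16-bit case raised above. The function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Largest length the concat routine will produce. SIZE_MAX/2 would be too
   small on a platform with a 16-bit size_t and a 32-bit ptrdiff_t; taking
   the smaller of PTRDIFF_MAX and SIZE_MAX gives the right limit on both. */
#define CONCAT_MAX_LEN \
    ((uintmax_t)PTRDIFF_MAX < (uintmax_t)SIZE_MAX ? (size_t)PTRDIFF_MAX : SIZE_MAX)

/* Returns 1 and stores alen+blen in *total when the sum neither wraps around
   in size_t nor exceeds CONCAT_MAX_LEN; returns 0 otherwise. The subtraction
   form avoids computing the possibly-wrapping sum before checking it. */
int concat_len_ok(size_t alen, size_t blen, size_t *total)
{
    if (alen > CONCAT_MAX_LEN || blen > CONCAT_MAX_LEN - alen)
        return 0;
    *total = alen + blen;
    return 1;
}

/* Hypothetical checked concatenation: allocates a new NUL-terminated buffer
   holding a followed by b. Returns NULL if the length check fails or the
   allocation does, so an oversized result is refused before realloc/malloc
   ever sees the size. */
char *concat_checked(const char *a, size_t alen,
                     const char *b, size_t blen, size_t *outlen)
{
    size_t total;
    char *buf;
    if (!concat_len_ok(alen, blen, &total) || total == SIZE_MAX)
        return NULL;                     /* second test: room for the NUL */
    buf = malloc(total + 1);
    if (buf == NULL)
        return NULL;
    memcpy(buf, a, alen);
    memcpy(buf + alen, b, blen);
    buf[total] = '\0';
    *outlen = total;
    return buf;
}

int main(void)
{
    size_t n;
    char *s = concat_checked("foo", 3, "bar", 3, &n);   /* constructed input */
    printf("%s (%zu bytes)\n", s ? s : "(refused)", n);
    free(s);
    printf("refused: %d\n", !concat_len_ok(CONCAT_MAX_LEN, 1, &n));
    return 0;
}
```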