- Subject: Re: Bug with unchecked stack overflow with coroutines
- From: Roberto Ierusalimschy <roberto@...>
- Date: Mon, 11 Feb 2008 11:01:26 -0200
> Lua 5.1.3 Copyright (C) 1994-2008 Lua.org, PUC-Rio
> > j = 1e4
> > co = coroutine.create(function() t = {} for i = 1, j do t[i] = i end return unpack(t) end)
> > print(coroutine.resume(co))
> Segmentation fault
>
> this appears to only happen in Lua 5.1.3, 5.1.2 correctly catches this:
>
> [...]
There seem to be (at least) two bugs here. The first one is that
'auxresume' checks the stack for 'narg' values and pushes those 'narg'
values, but then luaB_coresume pushes yet another value ('true'),
overflowing the stack. (Lua 5.1.2 also has this bug, but it needs a
different 'j'.)
The second bug is much more serious: following a suggestion from Reuben
Thomas, we increased the limit for the C stack. But we forgot to adjust
the values of LUA_REGISTRYINDEX and the like, so negative stack indices
may overlap with these values, with disastrous consequences.
-- Roberto
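The overlap Roberto describes in the second bug can be made concrete with a small model of how Lua 5.1's C API classifies an index (the rule in lapi.c's index2adr). This is an added illustration, not Lua's own code; the pseudo-index constants are the real Lua 5.1 values, while the frame sizes passed in are constructed for the demonstration.

```python
# Model (added illustration, not Lua's own code) of Lua 5.1 C-API index
# resolution. The three constants are the real Lua 5.1 pseudo-indices.
LUA_REGISTRYINDEX = -10000
LUA_ENVIRONINDEX = -10001
LUA_GLOBALSINDEX = -10002


def resolve_index(idx, frame_size):
    """Classify a C-API index the way index2adr does.

    Positive indices count up from the frame base; negative indices above
    LUA_REGISTRYINDEX count down from the top; anything at or below
    LUA_REGISTRYINDEX is a pseudo-index (registry, environment, globals,
    upvalues). Returns ('slot', offset), ('pseudo', name) or ('invalid', idx).
    """
    if idx > 0:
        if idx > frame_size:
            return ("invalid", idx)
        return ("slot", idx - 1)              # offset from the frame base
    if idx > LUA_REGISTRYINDEX:
        if -idx > frame_size:
            return ("invalid", idx)
        return ("slot", frame_size + idx)     # offset counted from the top
    if idx == LUA_REGISTRYINDEX:
        return ("pseudo", "registry")
    if idx == LUA_ENVIRONINDEX:
        return ("pseudo", "environment")
    if idx == LUA_GLOBALSINDEX:
        return ("pseudo", "globals")
    return ("pseudo", "upvalue%d" % (LUA_GLOBALSINDEX - idx))


def overlapping_indices(frame_size):
    """Relative negative indices that are in range for a frame of this size
    (a constructed size, e.g. one holding many unpacked results) yet are
    read as pseudo-indices: the overlap the message warns about."""
    return [-n for n in range(1, frame_size + 1)
            if resolve_index(-n, frame_size)[0] == "pseudo"]


def stack_limit_is_safe(max_cstack):
    """Invariant implied by the message: the C stack limit must stay below
    -LUA_REGISTRYINDEX so no relative index can reach the pseudo-index range."""
    return max_cstack < -LUA_REGISTRYINDEX
```

With a frame smaller than 10000 slots no relative index can collide with a pseudo-index; once a frame can hold 10000 or more values, the indices -10000 and below silently address the registry, environment and globals instead of stack slots.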