- Subject: Re: unpack segfault
- From: Roberto Ierusalimschy <roberto@...>
- Date: Wed, 13 Feb 2008 14:23:38 -0200
Again, there seem to be two bugs. First, we should avoid arithmetic
overflow in lua_checkstack:
LUA_API int lua_checkstack (lua_State *L, int size) {
- int res;
+ int res = 1;
lua_lock(L);
- if ((L->top - L->base + size) > LUAI_MAXCSTACK)
+ if (size > LUAI_MAXCSTACK || (L->top - L->base + size) > LUAI_MAXCSTACK)
res = 0; /* stack overflow */
- else {
+ else if (size > 0) {
luaD_checkstack(L, size);
if (L->ci->top < L->top + size)
L->ci->top = L->top + size;
- res = 1;
}
lua_unlock(L);
return res;
}
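Review bot: A negative `size` now reports success without reserving anything, because the new `else if (size > 0)` only skips the grow step while `res` is pre-set to 1 on the first added line; a caller passing a bogus negative count gets res = 1 and no stack guarantee. If a negative size is a caller error, make it visible with `api_check(L, size >= 0);` ahead of the overflow test, otherwise document the intent on that branch with `/* size <= 0: nothing to reserve, report success */`. The added `size > LUAI_MAXCSTACK` disjunct is what keeps the pointer-difference sum in the second disjunct from overflowing, which deserves a comment such as `/* test size first so the sum below cannot overflow */` so the order is not "simplified" away later.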
Then, we should avoid arithmetic overflow in unpack:
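/*
** unpack(t [, i [, j]]): push t[i], ..., t[j] onto the stack and return
** their count. Defaults: i = 1, j = #t. Raises "too many results to
** unpack" when the count does not fit in an int or the stack cannot hold it.
**
** All range arithmetic is done in unsigned int so that extreme i/j values
** (e.g. i = INT_MIN, j = INT_MAX) never trigger signed overflow, which is
** undefined behaviour rather than a reliable wrap-around.
*/
static int luaB_unpack (lua_State *L) {
  int i, e, n;
  unsigned int range;  /* e - i, i.e. number of elements minus 1 */
  luaL_checktype(L, 1, LUA_TTABLE);
  i = luaL_optint(L, 2, 1);
  e = luaL_opt(L, luaL_checkint, 3, (int)lua_objlen(L, 1));
  if (i > e) return 0;  /* empty range */
  /* i <= e, so the true difference lies in [0, UINT_MAX] and unsigned
     subtraction yields it exactly; `e - i` in int may overflow (UB). */
  range = (unsigned int)e - (unsigned int)i;
  /* range + 1 must fit in an int before it can be handed to lua_checkstack */
  if (range >= (unsigned int)INT_MAX || !lua_checkstack(L, (int)(range + 1)))
    return luaL_error(L, "too many results to unpack");
  n = (int)(range + 1);  /* number of elements */
  lua_rawgeti(L, 1, i);  /* push arg[i] (avoiding overflow problems) */
  /* pre-increment only while i < e: the old `i++ < e` form incremented once
     more after the final compare and overflowed when e == INT_MAX */
  while (i < e)  /* push arg[i + 1...e] */
    lua_rawgeti(L, 1, ++i);
  return n;
}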
-- Roberto