lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

On 05/01/2016 21:12, Dirk Laurie wrote:
2016-01-05 19:18 GMT+02:00 Lorenzo Donati <>:

On 01/01/2016 15:30, Roberto Ierusalimschy wrote:

local mt = {}
mt.__newindex = mt
local t = setmetatable({}, mt)
t[1] = 1
The bug is quite subtle. Follows a fix:

Although it is subtle, it seems easy to trigger in Lua code.

Do you have an example that does not involve making
__newindex be the metatable itself?

No. Should I?
I said "it seems", so I was asking for clarification.

For "easy" I meant that triggering the crash doesn't need complicated instruction sequences or weird values fed to some esoteric function, but just operations a mildly experienced Lua programmer may legitimately try out.

Using the metatable as target for newindex? Well, I cannot say if it is a widespread technique in some weird OO framework, or what could be useful for (too tired now), but it doesn't seem so weird that someone honestly couldn't find a legitimate use for it.

I stand to be corrected, though; constant use of Lua made me reconsider a lot of my OO habits of my Java/C++ past, so I use a more basic OO approach now and tend to shun heavy OO contraptions. Therefore I'm a bit "rusted" on what are "legitimate/useful" metatable tricks.

OTOH, please, keep in mind that we are not talking about a simple misbehavior of the Lua engine, but a straightaway crash, so a real showstopper and a potential security risk.

Having the latest Lua source with such a bug in it is not something particularly good, IMHO. At least from a "marketing" POV.

This is especially true for new users, with little experience with C and unable to apply the patch suggested by Roberto. And this is more important because the standard distro is source only, so a newbie cannot simply download a patched binary and be happy with it.

My 2eurocent, anyway.


-- Lorenzo