lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

version: lua 5.3.4


I`m not this is really a bug or not but probably something worth
looking at (?). Basically it looks that asking for very large
allocation of memory (59GB in case below) will happily be accepted by
Lua. This leads of pretty much system halt because eventually the
system will run out of memory.

If you run this code in Lua interpreter it will attempt to allocate
59GB of memory:

The actual code will attempt to allocate the buffer before it checks
for size of available memory and thus result in quite a big system
hang. In particular 'newsize' parameter is just taken straight in as parameter and thus never really sanitized:

 461 static void *resizebox (lua_State *L, int idx, size_t newsize) {
 462   void *ud;
 463   lua_Alloc allocf = lua_getallocf(L, &ud);
 464   UBox *box = (UBox *)lua_touserdata(L, idx);
 465   void *temp = allocf(ud, box->box, box->bsize, newsize);
 466   if (temp == NULL && newsize > 0) {  /* allocation error? */
 467     resizebox(L, idx, 0);  /* free buffer */
 468     luaL_error(L, "not enough memory for buffer allocation");
 469   }

Lua doesn't crash just hags as a result ..