lua-l archive


> On Thu, May 11, 2017 at 2:49 PM, Roberto Ierusalimschy <> wrote:
> >  My machine does not have enough memory to reproduce the bug. Can you
> > give me the value of '*pna' when 'computesizes' is called?
> *pna = 0x40000001.
> twotoi = 0
> a = 0xccd4bc95
> na = 0xccd4bc95
> optimal = 0
> i = 1832
Many thanks.

> Note the value of i I gave previously was different. So the other things
> might also be different, except that I am pretty sure *pna is always
> 0x40000001.

'twotoi' is overflowing, and then the loop goes wild until a crash, so
the final 'i' is noise.

With 0x40000001, a size of 0x80000000 for the array part is already
justified, so the algorithm tries to go to the next size (0x100000000)
to see if it can fill that, but 0x100000000 overflows 'twotoi',
which is an unsigned integer.

-- Roberto
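The overflow Roberto describes above, as an added example (this is not Lua's source and not code from the thread): a stand-alone C model of the 'computesizes' loop, run once with the condition as discussed (`*pna > twotoi / 2`) and once with an extra `twotoi > 0` guard that ends the loop when the doubling wraps to 0. The function names (`count_sequence_keys`, `computesizes_model`, `run_case`), the result struct and the overrun bookkeeping are this example's own; the input is a constructed table whose integer keys are exactly 1..n, with `nums[i]` counting keys in (2^(i-1), 2^i] the way Lua's counting array is laid out. It assumes a 32-bit `unsigned int`, as on the reporter's machine.

```c
#include <limits.h>
#include <stdio.h>

/* Assumption: 'unsigned int' is 32 bits. Lua sizes its counting array as
 * nums[MAXABITS+1]; nums[i] holds the number of integer keys k with
 * 2^(i-1) < k <= 2^i (slice 0 holds only key 1). */
#define MAXABITS ((int)(sizeof(int) * CHAR_BIT - 1))
#define NUMSLEN  (MAXABITS + 1)

enum { RESULT_OK = 0, RESULT_OVERRUN = 1 };

struct sizes_result {
    unsigned int optimal;  /* chosen size for the array part */
    unsigned int na;       /* keys that would go to the array part */
    int iterations;        /* loop bodies executed inside nums[] */
    int status;            /* RESULT_OK, or RESULT_OVERRUN if i left nums[] */
};

/* Fill nums[] for a table whose integer keys are exactly 1..n.
 * Constructed input; hypothetical helper, not Lua's own counting code. */
static void count_sequence_keys(unsigned int n, unsigned int nums[NUMSLEN]) {
    unsigned int lo = 1, hi = 1;   /* slice 0 covers only key 1 */
    int i;
    for (i = 0; i < NUMSLEN; i++) {
        if (n < lo)
            nums[i] = 0;
        else
            nums[i] = (n < hi ? n : hi) - lo + 1;
        lo = hi + 1;               /* next slice: (2^i, 2^(i+1)] */
        hi *= 2;                   /* unsigned wrap at the last slice is harmless */
    }
}

/* Model of the computesizes loop. guarded == 0 uses the condition from the
 * thread (*pna > twotoi/2), which keeps looping once twotoi wraps to 0;
 * guarded == 1 adds 'twotoi > 0' so the wrap ends the loop instead. The
 * model stops and reports RESULT_OVERRUN at the point where the real code
 * would read nums[i] past the end of the array. */
static struct sizes_result computesizes_model(const unsigned int nums[NUMSLEN],
                                              unsigned int *pna, int guarded) {
    struct sizes_result r = {0, 0, 0, RESULT_OK};
    unsigned int twotoi;   /* 2^i, candidate size for the array part */
    unsigned int a = 0;    /* keys <= twotoi counted so far */
    unsigned int na = 0;   /* keys that fit in the best size so far */
    unsigned int optimal = 0;
    int i;
    for (i = 0, twotoi = 1;
         guarded ? (twotoi > 0 && *pna > twotoi / 2) : (*pna > twotoi / 2);
         i++, twotoi *= 2) {          /* 0x80000000 * 2 wraps to 0 */
        if (i >= NUMSLEN) {
            r.status = RESULT_OVERRUN;
            break;
        }
        r.iterations++;
        if (nums[i] > 0) {
            a += nums[i];
            if (a > twotoi / 2) {      /* more than half of twotoi in use */
                optimal = twotoi;
                na = a;
            }
        }
    }
    *pna = na;
    r.optimal = optimal;
    r.na = na;
    return r;
}

/* Run one variant on a table with keys 1..n; *pna starts as the key count. */
static struct sizes_result run_case(unsigned int n, int guarded) {
    unsigned int nums[NUMSLEN];
    unsigned int pna = n;
    count_sequence_keys(n, nums);
    return computesizes_model(nums, &pna, guarded);
}

int main(void) {
    const unsigned int n = 0x40000001u;   /* the *pna value from the report */
    struct sizes_result bad = run_case(n, 0), good = run_case(n, 1);
    printf("unguarded: status=%d after %d iterations\n", bad.status, bad.iterations);
    printf("guarded:   optimal=0x%x na=0x%x\n", good.optimal, good.na);
    return 0;
}
```

With 0x40000001 keys the unguarded loop accepts 0x80000000 at i = 31, then doubles `twotoi` to 0, so `*pna > 0` stays true and the next iteration would index `nums[32]`; the guarded loop returns optimal = 0x80000000 and na = 0x40000001 and stops. A small table (1000 keys) behaves the same under both conditions, which is why the bug only shows up on machines with enough memory to build such a table.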