- Subject: Re: [BUG] crash in Lua on table insertion
- From: Roberto Ierusalimschy <roberto@...>
- Date: Thu, 11 May 2017 11:06:12 -0300
> On Thu, May 11, 2017 at 2:49 PM, Roberto Ierusalimschy <
> firstname.lastname@example.org> wrote:
> > My machine does not have enough memory to reproduce the bug. Can you
> > give me the value of '*pna' when 'computesizes' is called?
> *pna = 0x40000001.
> twotoi = 0
> a = 0xccd4bc95
> na = 0xccd4bc95
> optimal = 0
> i = 1832
> Note the value of i I gave previously was different. So the other things
> might also be different, except that I am pretty sure *pna is always
'twotoi' is overflowing, and then the loop goes wild until a crash, so
the final 'i' is noise.
With 0x40000001, a size of 0x80000000 for the array part is already
justified, so the algorithm tries to go to the next size (0x100000000)
to see if it can fill that, but 0x100000000 overflows 'twotoi',
which is an unsigned integer.
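
An added example (not part of the original message and not Lua's source): a small C model of the size search described above, showing that with 0x40000001 keys a 32-bit 'twotoi' wraps to 0 right after 0x80000000 and the loop index runs past the counter array unless the wrap is checked. The struct, the function names, the 32-entry array, the loop condition and the dense key distribution are assumptions constructed for the demonstration.

```c
#include <stdint.h>
#include <stdio.h>

#define NBUCKETS 32   /* assumed: one counter per power-of-two slice */

struct result { uint32_t optimal, na; int last_i, out_of_bounds; };

/* Constructed input: keys 1..0x40000001 all present.
   nums[i] counts keys k with 2^(i-1) < k <= 2^i. */
static void fill_dense(uint32_t nums[NBUCKETS]) {
  nums[0] = 1;                                   /* key 1 */
  for (int i = 1; i <= 30; i++) nums[i] = 1u << (i - 1);
  nums[31] = 1;                                  /* key 0x40000001 */
}

/* Model of the size search: double 'twotoi' while more than half of the
   candidate size could be filled by the 'pna' keys. guard != 0 adds the
   wrap check. Where real code would index nums[i] past its end, the model
   stops and reports it instead. */
static struct result size_search(const uint32_t nums[NBUCKETS],
                                 uint32_t pna, int guard) {
  struct result r = {0, 0, 0, 0};
  uint32_t twotoi = 1, a = 0;   /* 32-bit, like the unsigned int in the thread */
  int i;
  for (i = 0; ; i++, twotoi *= 2) {
    if (guard && twotoi == 0) break;     /* hardened: 2^i wrapped to 0 */
    if (!(pna > twotoi / 2)) break;      /* true for any pna > 0 once twotoi == 0 */
    if (i >= NBUCKETS) { r.out_of_bounds = 1; break; }
    a += nums[i];
    if (nums[i] > 0 && a > twotoi / 2) { r.optimal = twotoi; r.na = a; }
  }
  r.last_i = i;
  return r;
}

int main(void) {
  uint32_t nums[NBUCKETS];
  fill_dense(nums);
  for (int guard = 0; guard <= 1; guard++) {
    struct result r = size_search(nums, 0x40000001u, guard);
    printf("guard=%d optimal=0x%x na=0x%x last_i=%d past_end=%d\n", guard,
           (unsigned)r.optimal, (unsigned)r.na, r.last_i, r.out_of_bounds);
  }
  return 0;
}
```

In the unguarded run the model stops at the first index past the array; real code would keep reading whatever memory follows, which is consistent with the garbage values of 'a', 'optimal' and 'i' reported in the quoted message.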