Re: [BUG] crash in Lua on table insertion

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: [BUG] crash in Lua on table insertion
From: Roberto Ierusalimschy <roberto@...>
Date: Thu, 11 May 2017 11:06:12 -0300

> On Thu, May 11, 2017 at 2:49 PM, Roberto Ierusalimschy <
> roberto@inf.puc-rio.br> wrote:
> 
> >  My machine does not have enough memory to reproduce the bug. Can you
> give me the value of '*pna' when 'computesizes' is called?
> 
> *pna = 0x40000001.
> twotoi = 0
> a = 0xccd4bc95
> na = 0xccd4bc95
> optimal = 0
> i = 1832

Many thanks.

> Note the value of i I gave previously was different. So the other things
> might also be different, except that I am pretty sure *pna is always
> 0x40000001.

'twotoi' is overflowing, and then the loop goes wild until a crash, so
the final 'i' is noise.

With 0x40000001, a size of 0x80000000 for the array part is already
justified, so the algorithm tries to go to the next size (0x100000000)
to see if it can fill that, but 0x100000000 overflows 'twotoi',
which is an unsigned integer.

-- Roberto

Follow-Ups:
- Re: [BUG] crash in Lua on table insertion, Roberto Ierusalimschy

References:
- [BUG] crash in Lua on table insertion, Viacheslav Usov
- Re: [BUG] crash in Lua on table insertion, Roberto Ierusalimschy
- Re: [BUG] crash in Lua on table insertion, Viacheslav Usov

Prev by Date: Re: [BUG] crash in Lua on table insertion
Next by Date: Re: [ANN] AbsTK – a widget toolkit for GUI and TUI applications
Previous by thread: Re: [BUG] crash in Lua on table insertion
Next by thread: Re: [BUG] crash in Lua on table insertion
Index(es):
- Date
- Thread