- Subject: Re: [BUG] crash in Lua on table insertion
- From: Roberto Ierusalimschy <roberto@...>
- Date: Thu, 11 May 2017 16:24:29 -0300
> 'twotoi' is overflowing, and then the loop goes wild until a crash, so
> the final 'i' is noise.
>
> With 0x40000001, a size of 0x80000000 for the array part is already
> justified, so the algorithm tries to go to the next size (0x100000000)
> to see if it can fill that, but 0x100000000 overflows 'twotoi',
> which is an unsigned integer.
The obvious fix seems to be limiting the loop explicitly:
- for (i = 0, twotoi = 1; *pna > twotoi / 2; i++, twotoi *= 2) {
+ for (i = 0, twotoi = 1; i <= MAXABITS && *pna > twotoi / 2; i++, twotoi *= 2) {
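
Review bot: the added `i <= MAXABITS` test in the for condition stops the wrap only if 2^MAXABITS is still representable in 'twotoi', and nothing on this line ties the two together. Either add a comment stating that relationship or test the wrap itself (for instance `twotoi > 0`), so the guard stays correct if the type of 'twotoi' or the value of MAXABITS ever changes.
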
Can you try this fix? If possible, could you report the initial value
of '*pna' and the final value of 'optimal' in the last 10 calls to
'computesizes', with your original test?
Thanks again,
-- Roberto
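
Added example (not part of Roberto's message or of the Lua sources): a stand-alone model of the loop condition discussed above, showing where 'twotoi' wraps and how the explicit bound stops the loop. It assumes a 32-bit unsigned 'twotoi' and MAXABITS = 31; `loop_iterations` and `ITER_CAP` are names invented for this demo.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption for this demo: 'twotoi' is a 32-bit unsigned integer and
   MAXABITS is one less than that width, so 2^MAXABITS still fits. */
#define MAXABITS 31
#define ITER_CAP 100  /* demo-only cap so the unbounded loop cannot run away */

/* Model of the loop header from the patch. 'pna' stands in for '*pna'.
   Returns how many times the body would run, or -1 if the loop is still
   going when it reaches ITER_CAP (the "goes wild" case). */
static int loop_iterations(uint32_t pna, int bounded) {
  int i;
  uint32_t twotoi;
  for (i = 0, twotoi = 1;
       (!bounded || i <= MAXABITS) && pna > twotoi / 2;
       i++, twotoi *= 2) {
    /* At i == 32, twotoi has wrapped from 0x80000000 to 0, so twotoi / 2
       is 0 and 'pna > 0' stays true on every later iteration. */
    if (i >= ITER_CAP)
      return -1;
  }
  return i;
}

int main(void) {
  /* Constructed inputs: the value from the report and its neighbour. */
  const uint32_t samples[] = { 0x40000000u, 0x40000001u };
  size_t k;
  for (k = 0; k < sizeof samples / sizeof samples[0]; k++) {
    printf("pna=0x%08x  original: %d  bounded: %d\n",
           (unsigned)samples[k],
           loop_iterations(samples[k], 0),
           loop_iterations(samples[k], 1));
  }
  return 0;
}
```

With the bound in place the body runs for i = 0..31 at most, so 0x80000000 is the last candidate size examined.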