On 13/12/2018 00.08, Daurnimator wrote:
> I have had this sitting in my drafts for over a year, I think this is
> the same bug?:
> The overflow is in https://www.lua.org/source/5.3/llex.c.html#skip_sep
> Generate test file:
> local f = assert(io.open("bug.lua", "w"))
> local step = 1<<20
> assert(f:write("--["))
> local eq = string.rep("=", step)
> for i=1, 2<<31, step do
>   assert(f:write(eq))
> end
> assert(f:write("["))
> f:close()
_Maybe_, although long comments didn't cause problems in my tests (as in
it properly skipped the comment and ASAN didn't complain.) And I think
it's the computation in read_long_string just below where it goes
seminfo->ts = luaX_newstring(ls, luaZ_buffer(ls->buff) + (2 + sep),
luaZ_bufflen(ls->buff) - 2*(2 + sep));
because it's only ++'ing in skip_sep and 0x3ffffffe still fits (though
yours doesn't).
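The boundary the reply points at, where `2*(2 + sep)` wraps while `sep` itself still fits an int, worked through as an added checked version of that arithmetic. This is example code, not Lua's lexer; `trim_width_overflows` and `long_string_len` are hypothetical helpers that model `sep` as an int and the buffer length as size_t, as in the quoted snippet.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Does 2*(2 + sep) overflow a signed int?  This is the boundary named in
 * the thread: sep = 0x3ffffffd still fits, sep = 0x3ffffffe does not,
 * even though the ++ counter producing sep has not wrapped yet. */
int trim_width_overflows(int sep)
{
    if (sep < 0 || sep > INT_MAX - 2)
        return 1;                       /* 2 + sep would already overflow */
    return (2 + sep) > INT_MAX / 2;     /* then doubling it would overflow */
}

/* Checked form of  bufflen - 2*(2 + sep): the two delimiters "[=..=["
 * and "]=..=]" are stripped from a buffer of bufflen bytes.  Returns 1 and
 * stores the content length, or 0 if the arithmetic would wrap or the
 * buffer is too short to hold both delimiters. */
int long_string_len(size_t bufflen, int sep, size_t *out)
{
    if (trim_width_overflows(sep))
        return 0;
    size_t trim = 2u * (size_t)(2 + sep);   /* widened, cannot wrap here */
    if (trim > bufflen)
        return 0;                           /* size_t subtraction would wrap */
    *out = bufflen - trim;
    return 1;
}

int main(void)
{
    size_t n;
    /* "[=[abcd]=]" is 10 bytes with sep = 1: content is 4 bytes */
    if (long_string_len(10, 1, &n))
        printf("content length: %zu\n", n);
    printf("0x3ffffffd overflows: %d\n", trim_width_overflows(0x3ffffffd));
    printf("0x3ffffffe overflows: %d\n", trim_width_overflows(0x3ffffffe));
    return 0;
}
```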