lua-l archive



> _Maybe_, although long comments didn't cause problems in my tests (as in
> it properly skipped the comment and ASAN didn't complain.)  And I think
> it's the computation in read_long_string just below where it goes
> 
> seminfo->ts = luaX_newstring(ls, luaZ_buffer(ls->buff) + (2 + sep),
>                                  luaZ_bufflen(ls->buff) - 2*(2 + sep));
> 
> because it's only ++'ing in skip_sep and 0x3ffffffe still fits (tho
> yours doesn't).

Right. More exactly, the overflow is in the computation 2*(2 + sep).
With 'sep' being 0x3ffffffe, this expression results in 0x80000000,
which wraps to a negative number and then is added (instead of being
subtracted) to the buffer length.

Strangely, neither gcc nor clang, with option '-ftrapv', detected
this overflow.

Instead of using a larger type to count 'sep', it seems easier to just
limit the maximum number of '=' in a long bracket. I don't think people
will mind a limit of 1000.

-- Roberto
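The arithmetic described in this thread, as an added illustration that is not part of the lua-l exchange or of the Lua source: `count_sep`, `long_string_body_len`, `unchecked_expr_overflows` and the `MAX_SEP` cap are assumed names modelled on the proposed fix, and the bracket strings are constructed inputs.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>

/* Constructed model of the lexer arithmetic (not Lua's code): a long
   bracket "[===[ body ]===]" sits in a buffer and the body length is
   bufflen - 2*(2 + sep), where sep counts the '=' signs. */

#define MAX_SEP 1000   /* hypothetical cap on '=' count, as proposed in the thread */

/* Count '=' after an opening '['. Returns -1 if the bracket is malformed
   or the count exceeds MAX_SEP, so sep can never reach overflow range. */
int count_sep(const char *s) {
    if (*s != '[') return -1;
    int sep = 0;
    for (s++; *s == '='; s++) {
        if (++sep > MAX_SEP) return -1;   /* refuse early instead of counting on */
    }
    return (*s == '[') ? sep : -1;
}

/* Body length with checked arithmetic: returns -1 instead of wrapping
   when the delimiters would not fit in the buffer. */
long long long_string_body_len(size_t bufflen, int sep) {
    if (sep < 0 || sep > MAX_SEP) return -1;
    size_t delims = 2 * (2 + (size_t)sep);      /* small sep: no wrap possible */
    if (delims > bufflen) return -1;             /* would underflow bufflen - delims */
    return (long long)(bufflen - delims);
}

/* Shows, without invoking undefined behaviour, whether the original
   int expression 2*(2 + sep) exceeds INT_MAX for a given sep. */
bool unchecked_expr_overflows(int sep) {
    unsigned long long v = 2ULL * (2ULL + (unsigned long long)sep);
    return v > (unsigned long long)INT_MAX;      /* true for sep = 0x3ffffffe */
}
```

With sep = 0x3ffffffe the unchecked expression reaches 0x80000000, which is exactly the wrap to a negative value the reply describes; the cap keeps sep far below that.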