tonumber fails with overflow where lexical parser does not

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: tonumber fails with overflow where lexical parser does not
From: Payo Nel <payonel@...>
Date: Thu, 26 Mar 2020 17:11:25 +0000

Lua's lexical parser and lua_stringtonumber invoke luaO_str2int which correctly handles overflow (by falling back to a number (float) as opposed to integer). This is good.

However, tonumber(s[, radix]) uses its own str2int handler, which does not guard from overflow. The manual's description of tonumber says it follows the lexical rules, and that when gives a radix, the string must represent an integer. This has no mention of overflow

The lexical rules do not mention overflow: https://www.lua.org/manual/5.3/manual.html#3.1

Lua 5.3 Reference Manual

lua_checkstack [-0, +0, –] int lua_checkstack (lua_State *L, int n); Ensures that the stack has space for at least n extra slots (that is, that you can safely push up to n values into it). It returns false if it cannot fulfill the request, either because it would cause the stack to be larger than a fixed maximum size (typically at least several thousand elements) or because it cannot ...

www.lua.org

Thus, if tonumber(s, radix) must be:

an integer
follow lexical rules

Then an overflow should return nil, and not an overflow-value.

on lua with 64bit integers:

repro:

local function nil_or_match( text, number )

local result = tonumber(text, 10)

assert( result == nil or result == number)

end

nil_or_match('9223372036854775807', 9223372036854775807) // pass

nil_or_match('9223372036854775808', 9223372036854775808) // fail

expected:

either the tonumber is successful with the expected value, or we get a safe failure

actual:

tonumber returns -9223372036854775808

proposed fix:

There could be a lua_Integer max value check before the unsigned->signed conversion here: https://github.com/lua/lua/blob/master/lbaselib.c#L76

lua/lbaselib.c at master · lua/lua · GitHub

Dismiss Join GitHub today. GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.

github.com

PS: I'm still hoping someone takes a lot at my first bug report: http://lua-users.org/lists/lua-l/2020-03/msg00021.html

load failures call user-defined errfunc from inside xpcall

context: 1. load, pcall, and xpcall are protected calls; they do not throw 2. only xpcall allows a user defined errfunc (error msg handler) 3. load can take a "reader ...

lua-users.org

Prev by Date: Re: PUC extensions to Luaproc -- public availability?
Next by Date: lexical parse of hex literal fails to handle overflow: lua 5.3 and 5.4-alpha
Previous by thread: Re: [Windows] How to compile LuaRocks with Lua 5.3.5?
Next by thread: lexical parse of hex literal fails to handle overflow: lua 5.3 and 5.4-alpha
Index(es):
- Date
- Thread