 |
lua-l archive |
|
|
||
|
Hi, I tried the POC with the latest commit of lua and it seems the problem is gone. Has the problem been fixed? If so I can restart testing Lua. Best, Yongheng From: Roberto Ierusalimschy > >>>>> "Yongheng" == Yongheng Chen <changochen1@gmail.com> writes: > > Yongheng> The original POC that can crash a default build lua ( just > Yongheng> run make on Linux) is: > > Yongheng> function errfunc() end function test() > Yongheng> xpcall(test, coroutine.wrap(function() print(xpcall(test, errfunc)) end)) > Yongheng> end coroutine.wrap(function() print(xpcall(test, errfunc)) end)() > > So surely this, in lua_resume, can't possibly be right: > > L->nCcalls = getCcalls(from) + from->nci - L->nci - CSTACKCF; > > We get here when the stack overflow error trips the first time and we > try and resume the wrapped coroutine which is supplied as the error > handling function. getCcalls(from) is correctly below CSTACKMARK, since > we're in stack error handling, but from->nci is large (~1900) reflecting > the large number of active stack frames. I get that _unused_ CallInfos > are already accounted for in getCcalls (so that it need only be checked > when new CallInfos are allocated), but here its adding a number > reflecting the _used_ CallInfos, which is surely wrong. (L->nci is 0 > because the coroutine has no CallInfos yet.) You are right (as usual :-). (A small detail: I think it is not adding the number of used CallInfos, but the total number of CallInfos, used plus unused.) A conservative fix would be not to add anything to getCcalls(from). -- Roberto |