lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]


Hi,

 

I tried the POC with the latest commit of lua and it seems the problem is gone. Has the problem been fixed? If so I can restart testing Lua.

 

Best,

Yongheng

 

From: Roberto Ierusalimschy
Sent: Friday, July 10, 2020 3:46 PM
To: Lua mailing list
Subject: Re: Stack overflow in luaO_pushvfstring

 

> >>>>> "Yongheng" == Yongheng Chen <changochen1@gmail.com> writes:

>

>  Yongheng> The original POC that can crash a default build lua ( just

>  Yongheng> run make on Linux) is:

>

>  Yongheng> function errfunc() end function test()

>  Yongheng>     xpcall(test, coroutine.wrap(function() print(xpcall(test, errfunc)) end))

>  Yongheng>         end coroutine.wrap(function() print(xpcall(test, errfunc)) end)()

>

> So surely this, in lua_resume, can't possibly be right:

>

>         L->nCcalls = getCcalls(from) + from->nci - L->nci - CSTACKCF;

>

> We get here when the stack overflow error trips the first time and we

> try and resume the wrapped coroutine which is supplied as the error

> handling function. getCcalls(from) is correctly below CSTACKMARK, since

> we're in stack error handling, but from->nci is large (~1900) reflecting

> the large number of active stack frames. I get that _unused_ CallInfos

> are already accounted for in getCcalls (so that it need only be checked

> when new CallInfos are allocated), but here its adding a number

> reflecting the _used_ CallInfos, which is surely wrong. (L->nci is 0

> because the coroutine has no CallInfos yet.)

 

You are right (as usual :-). (A small detail: I think it is not adding

the number of used CallInfos, but the total number of CallInfos, used

plus unused.) A conservative fix would be not to add anything to

getCcalls(from).

 

-- Roberto