Re: Upgrading Lua 5.4.2 to 5.4.3+ in a C++ project leads to PANIC

[Aleksandr Zenkov <webmaster@...>]

Thank you for the reply.

Actually no, the Lua script is loaded all the time during runtime. The 
Lua functions within the script are called using lua_getglobal, here is 
the exact C++ caller function:

https://github.com/Verlihub/verlihub/blob/master/plugins/lua/cluainterpreter.cpp#L247

Then stack is being checked using lua_isnil for nil, meaning that 
function does not exist. It's here the actual crash is happening using 
Lua 5.4.3 and above. Once I add the called function to my Lua script, 
the application doesn't crash. With Lua 5.4.2 and older it never 
crashed, regardless the presence of globals defined in the script.

Regards.

On 2022-12-03 07:30, bil til wrote:
> Am Fr., 2. Dez. 2022 um 19:41 Uhr schrieb Aleksandr Zenkov
> <webmaster@feardc.net>:
>
> Thank you for detail infos , sounds like an interesting and
> challenging "coroutine/threading" application.
>
> > So my next question is.. What type of security change was made in Lua
> > 5.4.3 to start panicking once a C++ code tried to call a piece of Lua
> > code that does not exist? I mean, such a security checks never existed
> But can you explain in more detail, how a user could try to "call a
> piece of Lua that does not exist"?
>
> You mean, run to the end of the main program by some label ::End::, as
> e. g. "goto End", and then Lua finished and somehow "runs into
> Nirwana"?
>
> Or you mean, invoking some C function from Lua, and this C function
> then would invoke Lua Code which does not exist / possibly mixing up
> the Lua stack? (but in this case you usually can be happy if such a
> panic message would appear I think...)