Hi,
An assertion failure was found by fuzzing in Lua (version 5.4.4, git commit: 5d708c3f9cae12820e415d4f89c9eacbe2ab964b).
poc.lua:
---
for i = 0, 0 do
  local function f(...)
    _ENV[i], a = 0
    return #_ENV
  end
  f((0 % f((0))))
end
---
When building with assertions on and executing "./lua poc.lua", we have the following bt:
---
#2 0x00007ffff625c3fa in __assert_fail_base (
fmt=0x7ffff63e36c0 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n",
assertion=assertion@entry=0x555555611ac0 "(((((uv)->v.p != &(uv)->u.value)) ? (void) (0) : __assert_fail (\"((uv)->v.p != &(uv)->u.value)\", \"lfunc.c\", 198, __extension__ __PRETTY_FUNCTION__)), (((StkId)((uv)->v.p)))) < L->top.p", file=file@entry=0x555555611740 "lfunc.c", line=line@entry=0xc6,
function=function@entry=0x555555611ee0 <__PRETTY_FUNCTION__.4122> "luaF_closeupval") at assert.c:92
#3 0x00007ffff625c472 in __GI___assert_fail (
assertion=0x555555611ac0 "(((((uv)->v.p != &(uv)->u.value)) ? (void) (0) : __assert_fail (\"((uv)->v.p != &(uv)->u.value)\", \"lfunc.c\", 198, __extension__ __PRETTY_FUNCTION__)), (((StkId)((uv)->v.p)))) < L->top.p", file=0x555555611740 "lfunc.c", line=0xc6,
function=0x555555611ee0 <__PRETTY_FUNCTION__.4122> "luaF_closeupval") at assert.c:101
#4 0x000055555559d10e in luaF_closeupval ()
#5 0x000055555559d227 in luaF_close ()
#6 0x00005555555941ab in luaD_rawrunprotected ()
#7 0x0000555555599bfc in luaD_closeprotected ()
#8 0x0000555555599e7d in luaD_pcall ()
#9 0x0000555555589adb in lua_pcallk ()
#10 0x000055555557d09b in docall ()
#11 0x000055555557e406 in pmain ()
#12 0x0000555555597c6b in luaD_precall ()
#13 0x0000555555598dff in luaD_callnoyield ()
#14 0x00005555555941ab in luaD_rawrunprotected ()
#15 0x0000555555599e01 in luaD_pcall ()
#16 0x0000555555589adb in lua_pcallk ()
#17 0x000055555557c5b7 in main ()
---
Without assertions on, Lua throws an error:
---
lua: poc.lua:5: attempt to perform 'n%0'
stack traceback:
poc.lua:5: in main chunk
[C]: in ?
---
--
Best Wishes,
Yongheng Chen
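
Added example, not part of the original report: a small Python triage helper that derives a de-duplication key for fuzzer crashes from a gdb backtrace like the one above. It decodes gdb's `line=0xc6` to 198 (the same line number that appears in the assertion text) and skips the libc assert frames; the function names, regexes and the abridged sample input are assumptions of this example.

```python
import re

# Constructed sample: frames #3-#7 of the backtrace above, assertion text abridged.
SAMPLE_BT = r'''#3 0x00007ffff625c472 in __GI___assert_fail (
assertion=0x555555611ac0 "((uv)->v.p != &(uv)->u.value) [abridged] < L->top.p", file=0x555555611740 "lfunc.c", line=0xc6,
function=0x555555611ee0 <__PRETTY_FUNCTION__.4122> "luaF_closeupval") at assert.c:101
#4 0x000055555559d10e in luaF_closeupval ()
#5 0x000055555559d227 in luaF_close ()
#6 0x00005555555941ab in luaD_rawrunprotected ()
#7 0x0000555555599bfc in luaD_closeprotected ()
'''

FRAME = re.compile(r'^#(\d+)\s+0x[0-9a-f]+ in (\S+) \(', re.M)
# gdb prints arguments either as "file=0x..." or "file=file@entry=0x...".
FILE = re.compile(r'\bfile=(?:file@entry=)?0x[0-9a-f]+ "([^"]+)"')
LINE = re.compile(r'\bline=(?:line@entry=)?(0x[0-9a-f]+|\d+)')
FUNC = re.compile(r'\bfunction=(?:function@entry=)?0x[0-9a-f]+ (?:<[^>]*> )?"([^"]+)"')
# libc frames that only report the failure and say nothing about its cause.
LIBC = re.compile(r'^(?:__GI_)?(?:__assert_fail(?:_base)?|abort|raise)$')


def parse_assert_site(bt):
    """Return (file, line, function) taken from the __assert_fail arguments, or None."""
    f, l, fn = FILE.search(bt), LINE.search(bt), FUNC.search(bt)
    if not (f and l and fn):
        return None
    return f.group(1), int(l.group(1), 0), fn.group(1)  # base 0 accepts 0xc6 and 198


def app_frames(bt, depth=3):
    """Innermost application frames, with the libc assert/abort frames dropped."""
    names = [m.group(2) for m in FRAME.finditer(bt)]
    return [n for n in names if not LIBC.match(n)][:depth]


def bucket_key(bt, depth=3):
    """Stable key: assertion site plus the top application frames."""
    site = parse_assert_site(bt)
    head = "%s:%d:%s" % site if site else "no-assert"
    return head + "|" + ">".join(app_frames(bt, depth))


if __name__ == "__main__":
    print(bucket_key(SAMPLE_BT))
```

Two crashes that produce the same key can be treated as one bug during triage, even when the heap addresses in the raw backtraces differ between runs.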