lua-l archive

> Lua 5.1.3  Copyright (C) 1994-2008, PUC-Rio
> > j = 1e4
> > co = coroutine.create(function() t = {} for i = 1, j do t[i] = i end return unpack(t) end)
> > print(coroutine.resume(co))
> Segmentation fault
> this appears to only happen in Lua 5.1.3, 5.1.2 correctly catches this:
> [...]

There seem to be (at least) two bugs here. The first one is that
'auxresume' checks the stack for 'narg' values and pushes those 'narg'
values, but then luaB_coresume pushes yet another value ('true'),
overflowing the stack.  (Lua 5.1.2 also has this bug, but it needs a
different 'j'.)

The second bug is much more serious: following a suggestion from Reuben
Thomas, we increased the limit for the C stack. But we forgot to adjust
the values of LUA_REGISTRYINDEX and the like, so negative stack indices
may overlap with these values, with disastrous consequences.

-- Roberto
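The two invariants Roberto describes can be checked outside the interpreter. The model below is an added illustration, not part of this thread and not Lua's source: the `Stack` type, `checkstack`, `resolve`, `resolve_at_depth` and `resume_outcome` are hypothetical helpers, and the constants `REGISTRY_INDEX`, `REGISTRY_SLOT`, `INVALID_SLOT` and the depth limits passed in are constructed for the model. They only mirror the shape of `LUA_REGISTRYINDEX` and `LUAI_MAXCSTACK` (a fixed large negative pseudo-index, a depth limit that must stay below it); consult `lua.h` and `luaconf.h` for the actual values of a given release.

```c
#include <stdio.h>

/* Constructed values for this model: they mirror the shape of the Lua 5.1
   definitions (registry pseudo-index at -10000, a depth limit below it),
   but consult lua.h/luaconf.h for the exact numbers of a given release. */
#define REGISTRY_INDEX  (-10000)
#define REGISTRY_SLOT   (-1000000)   /* marker: index resolved to the registry */
#define INVALID_SLOT    (-1)         /* marker: index is not acceptable */

typedef struct {
    int top;          /* values currently on the stack, in slots 1..top */
    int limit;        /* maximum depth, playing the role of LUAI_MAXCSTACK */
    int registryidx;  /* playing the role of LUA_REGISTRYINDEX */
} Stack;

/* The invariant the second bug breaks: every pseudo-index must be more
   negative than any stack-relative index that can ever be valid, i.e. the
   depth limit must stay strictly below -LUA_REGISTRYINDEX. */
int pseudo_indices_disjoint(int limit, int registryidx) {
    return limit < -registryidx;
}

/* Like lua_checkstack: n more slots are available only within the limit. */
int checkstack(const Stack *s, int n) {
    return s->top + n <= s->limit;
}

/* Mirrors the order of tests in Lua 5.1's index2adr: a negative index is
   taken as relative to the top whenever it is greater than the registry
   pseudo-index, and as a pseudo-index otherwise. Returns the absolute slot
   (1..top), REGISTRY_SLOT, or INVALID_SLOT. */
int resolve(const Stack *s, int idx) {
    if (idx > 0)
        return idx <= s->top ? idx : INVALID_SLOT;
    if (idx > s->registryidx) {               /* negative: relative to top */
        if (idx == 0 || -idx > s->top) return INVALID_SLOT;
        return s->top + idx + 1;              /* -1 is the top slot */
    }
    return idx == s->registryidx ? REGISTRY_SLOT : INVALID_SLOT;
}

/* Resolve 'idx' on a stack holding 'depth' values under depth limit 'limit'. */
int resolve_at_depth(int depth, int limit, int idx) {
    Stack s = { depth, limit, REGISTRY_INDEX };
    return resolve(&s, idx);
}

/* Model of the first bug: reserve room for nres results (plus the status
   slot only if 'reserve_status' is set), move the results, then push the
   status boolean. Returns -1 if the reservation is refused by the limit,
   1 if the status push exceeds what was reserved, 0 if everything fits. */
int resume_outcome(int limit, int nres, int reserve_status) {
    Stack s = { 0, limit, REGISTRY_INDEX };
    int want = nres + (reserve_status ? 1 : 0);
    if (!checkstack(&s, want)) return -1;
    int capacity = s.top + want;              /* slots actually guaranteed */
    s.top += nres;                            /* the coroutine's results */
    if (s.top + 1 > capacity) return 1;       /* 'true' has no reserved slot */
    s.top += 1;
    return 0;
}

int main(void) {
    /* A limit below -REGISTRY_INDEX refuses 10000 results outright. */
    printf("limit 8000, want 10000: accepted=%d\n",
           resume_outcome(8000, 10000, 1) != -1);
    /* Raising the limit above 10000 without moving the registry index means
       a legitimate relative index -10000 now resolves to the registry. */
    printf("disjoint(12000, %d) = %d\n", REGISTRY_INDEX,
           pseudo_indices_disjoint(12000, REGISTRY_INDEX));
    printf("top 10000, idx -10000 -> %d (slot 1 expected; registry marker is %d)\n",
           resolve_at_depth(10000, 12000, -10000), REGISTRY_SLOT);
    /* The first bug: reserving nres slots and then pushing nres + 1 values. */
    printf("reserve nres only: %d, reserve nres+1: %d\n",
           resume_outcome(8000, 100, 0), resume_outcome(8000, 100, 1));
    return 0;
}
```

The model makes the two fixes concrete: a resume wrapper has to reserve `nres + 1` slots before pushing the results and the status value, and any increase of the depth limit needs a compile-time check that the limit still stays strictly below the magnitude of the registry pseudo-index, otherwise a deep but valid relative index is silently read as the registry.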