Proposed fix inline.
-p.
----- Forwarded message from Roberto Ierusalimschy <[EMAIL PROTECTED]> -----
Date: Tue, 31 Jul 2007 16:23:06 -0300
To: Lua list <[EMAIL PROTECTED]>
Subject: bug
User-Agent: Mutt/1.5.13 (2006-08-11)
From: Roberto Ierusalimschy <[EMAIL PROTECTED]>
Reply-To: Lua list <[EMAIL PROTECTED]>
Mike Pall just reported the following bug:
> $ ulimit -s 1024 # Reduce C stack to 1MB for quicker results
> $ lua -e 'local s = "a,"; for i=1,18 do s = s..s end print(loadstring("local a"..s.."a=nil", ""))'
> Segmentation fault
> $
>
> The problem is in lparser.c:assignment(). The RHS parser checks for
> overflow (in luaK_*, limit MAXSTACK). Unfortunately the LHS parser needs
> to complete first and has no such overflow check. This can blow up the
> C stack easily (especially on embedded platforms).
The patch is two lines in lparser.c:
@@ -938,6 +938,8 @@
primaryexp(ls, &nv.v);
if (nv.v.k == VLOCAL)
check_conflict(ls, lh, &nv.v);
+ luaY_checklimit(ls->fs, ls->L->nCcalls + nvars, LUAI_MAXCCALLS,
+ "variable names");
assignment(ls, &nv, nvars+1);
}
else { /* assignment -> `=' explist1 */
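Review bot: the added luaY_checklimit call carries no comment saying why nCcalls + nvars is compared against LUAI_MAXCCALLS. nvars is the only thing that grows across the recursive assignment(ls, &nv, nvars+1) call, so it serves as the recursion depth here. A one-line comment above the check saying that it bounds C stack use for long left-hand-side lists would make that clear. The check also runs after primaryexp() and check_conflict() for the current target, so each level still parses one more target before the limit can fire. That is bounded and harmless, but the placement is worth a mention in the same comment.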
-- Roberto
----- End forwarded message -----
Index: Makefile
===================================================================
RCS file: /cvs/ports/lang/lua/Makefile,v
retrieving revision 1.29
diff -u -r1.29 Makefile
--- Makefile 3 Apr 2007 07:05:06 -0000 1.29
+++ Makefile 31 Jul 2007 20:14:40 -0000
@@ -3,6 +3,7 @@
COMMENT= "powerful, light-weight programming language"
DISTNAME= lua-5.1.2
+PKGNAME= ${DISTNAME}p0
CATEGORIES= lang
MASTER_SITES= http://www.lua.org/ftp/ \
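Review bot: the new PKGNAME line hardcodes the p0 suffix onto ${DISTNAME}, so it has to be removed again when DISTNAME moves past lua-5.1.2. patches/patch-src_lparser_c should be dropped at the same time if the new release already contains the check. The bump itself is what makes installed lua-5.1.2 packages pick up the parser fix, so it belongs in this diff.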
Index: patches/patch-src_lparser_c
===================================================================
RCS file: patches/patch-src_lparser_c
diff -N patches/patch-src_lparser_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_lparser_c 31 Jul 2007 20:14:40 -0000
@@ -0,0 +1,12 @@
+$OpenBSD$
+--- src/lparser.c.orig Tue Jul 31 02:55:45 2007
++++ src/lparser.c Tue Jul 31 02:57:35 2007
+@@ -938,6 +938,8 @@ static void assignment (LexState *ls, struct LHS_assig
+ primaryexp(ls, &nv.v);
+ if (nv.v.k == VLOCAL)
+ check_conflict(ls, lh, &nv.v);
++ luaY_checklimit(ls->fs, ls->L->nCcalls + nvars, LUAI_MAXCCALLS,
++ "variable names");
+ assignment(ls, &nv, nvars+1);
+ }
+ else { /* assignment -> `=' explist1 */
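Review bot: the new patch file has only the $OpenBSD$ tag above the embedded hunk and nothing that records where the change comes from. A short comment line after the tag, saying that this is the upstream fix for the C stack overflow in assignment() posted to the Lua list, would tell the next person updating the port when the file can be deleted. The embedded +938,8 hunk otherwise matches the two-line change in the forwarded message.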
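The left-hand-side recursion described in the forwarded report, reduced to a toy parser that uses one C frame per assignment target and refuses to recurse past a limit, in the same shape as the two-line check. This is an added example, not code from Lua or from the port; `Parser`, `toy_name`, `toy_assignment`, `toy_parse_targets` and `TOY_MAXCCALLS` are hypothetical names, and the input is constructed.

```c
#include <stdlib.h>
#include <string.h>

#define TOY_MAXCCALLS 200  /* constructed limit, playing the role of LUAI_MAXCCALLS */

typedef struct {
    const char *p;    /* cursor into the source text */
    int ccalls;       /* C nesting already in use, like L->nCcalls */
    const char *err;  /* set when parsing fails */
} Parser;

/* Consume one lowercase identifier; return 0 if none is present. */
static int toy_name(Parser *ps) {
    const char *start = ps->p;
    while (*ps->p >= 'a' && *ps->p <= 'z') ps->p++;
    return ps->p != start;
}

/* assignment -> NAME ',' assignment | NAME '='
   One C frame per target, as in lparser.c:assignment().
   Returns the number of targets, or -1 with ps->err set. */
static int toy_assignment(Parser *ps, int nvars) {
    if (!toy_name(ps)) { ps->err = "name expected"; return -1; }
    if (*ps->p == ',') {
        ps->p++;
        /* The guard: refuse before recursing, not after the stack is gone. */
        if (ps->ccalls + nvars > TOY_MAXCCALLS) {
            ps->err = "too many variable names";
            return -1;
        }
        return toy_assignment(ps, nvars + 1);
    }
    if (*ps->p == '=') return nvars;
    ps->err = "'=' expected";
    return -1;
}

/* Parse a constructed input of n targets: "a,a,...,a=nil". */
int toy_parse_targets(size_t n) {
    char *src = malloc(2 * n + 4);
    Parser ps = { src, 0, NULL };
    int r;
    if (src == NULL || n == 0) { free(src); return -1; }
    memset(src, 'a', 2 * n);
    for (size_t i = 1; i < 2 * n; i += 2) src[i] = ',';
    memcpy(src + 2 * n - 1, "=nil", 5);   /* overwrite the last ',' */
    r = toy_assignment(&ps, 1);
    free(src);
    return r;
}
```

Without the guard, recursion depth would follow the number of targets in the input, so the input alone would decide how much C stack the parser uses.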