BUG: compiler can optimize away overflow check in 'table.unpack'

1 files changed, 6 insertions, 4 deletions

diff --git a/ltablib.c b/ltablib.c
index ad798b4e..56abfe1c 100644
--- a/ltablib.c
+++ b/ltablib.c
@@ -1,10 +1,11 @@
 /*
-** $Id: ltablib.c,v 1.65 2013/03/07 18:17:24 roberto Exp $
+** $Id: ltablib.c,v 1.65.1.1 2013/04/12 18:48:47 roberto Exp roberto $
 ** Library for Table Manipulation
 ** See Copyright Notice in lua.h
 */
 
 
+#include <limits.h>
 #include <stddef.h>
 
 #define ltablib_c
@@ -134,13 +135,14 @@ static int pack (lua_State *L) {
 
 
 static int unpack (lua_State *L) {
-  int i, e, n;
+  int i, e;
+  unsigned int n;
   luaL_checktype(L, 1, LUA_TTABLE);
   i = luaL_optint(L, 2, 1);
   e = luaL_opt(L, luaL_checkint, 3, luaL_len(L, 1));
   if (i > e) return 0;  /* empty range */
-  n = e - i + 1;  /* number of elements */
-  if (n <= 0 || !lua_checkstack(L, n))  /* n <= 0 means arith. overflow */
+  n = (unsigned int)e - (unsigned int)i;  /* number of elements minus 1 */
+  if (n > (INT_MAX - 10) || !lua_checkstack(L, ++n))
     return luaL_error(L, "too many results to unpack");
   lua_rawgeti(L, 1, i);  /* push arg[i] (avoiding overflow problems) */
   while (i++ < e)  /* push arg[i + 1...e] */