diff options
| author | Roberto Ierusalimschy <roberto@inf.puc-rio.br> | 2020-08-18 14:48:43 -0300 |
|---|---|---|
| committer | Roberto Ierusalimschy <roberto@inf.puc-rio.br> | 2020-08-18 14:48:43 -0300 |
| commit | 75ea9ccbea7c4886f30da147fb67b693b2624c26 (patch) | |
| tree | 171be7ee405be5a3a64771116752c74111357a86 | |
| parent | 5027298b46c1e436bc7a007554139a29f34c2971 (diff) | |
| download | lua-v5.3.tar.gz lua-v5.3.tar.bz2 lua-v5.3.zip | |
When "undumping" a long string, the function 'LoadVector' can call the
reader function, which can run the garbage collector, which can collect
the string being read. So, the string must be anchored during the call
to 'LoadVector'. (This commit also fixes the identation in 'l_alloc'.)
| -rw-r--r-- | lauxlib.c | 8 | ||||
| -rw-r--r-- | lundump.c | 10 |
2 files changed, 11 insertions, 7 deletions
| @@ -1013,10 +1013,10 @@ static void *l_alloc (void *ud, void *ptr, size_t osize, size_t nsize) { | |||
| 1013 | } | 1013 | } |
| 1014 | else { /* cannot fail when shrinking a block */ | 1014 | else { /* cannot fail when shrinking a block */ |
| 1015 | void *newptr = realloc(ptr, nsize); | 1015 | void *newptr = realloc(ptr, nsize); |
| 1016 | if (newptr == NULL && ptr != NULL && nsize <= osize) | 1016 | if (newptr == NULL && ptr != NULL && nsize <= osize) |
| 1017 | return ptr; /* keep the original block */ | 1017 | return ptr; /* keep the original block */ |
| 1018 | else /* no fail or not shrinking */ | 1018 | else /* no fail or not shrinking */ |
| 1019 | return newptr; /* use the new block */ | 1019 | return newptr; /* use the new block */ |
| 1020 | } | 1020 | } |
| 1021 | } | 1021 | } |
| 1022 | 1022 | ||
| @@ -86,6 +86,7 @@ static lua_Integer LoadInteger (LoadState *S) { | |||
| 86 | 86 | ||
| 87 | 87 | ||
| 88 | static TString *LoadString (LoadState *S, Proto *p) { | 88 | static TString *LoadString (LoadState *S, Proto *p) { |
| 89 | lua_State *L = S->L; | ||
| 89 | size_t size = LoadByte(S); | 90 | size_t size = LoadByte(S); |
| 90 | TString *ts; | 91 | TString *ts; |
| 91 | if (size == 0xFF) | 92 | if (size == 0xFF) |
| @@ -95,13 +96,16 @@ static TString *LoadString (LoadState *S, Proto *p) { | |||
| 95 | else if (--size <= LUAI_MAXSHORTLEN) { /* short string? */ | 96 | else if (--size <= LUAI_MAXSHORTLEN) { /* short string? */ |
| 96 | char buff[LUAI_MAXSHORTLEN]; | 97 | char buff[LUAI_MAXSHORTLEN]; |
| 97 | LoadVector(S, buff, size); | 98 | LoadVector(S, buff, size); |
| 98 | ts = luaS_newlstr(S->L, buff, size); | 99 | ts = luaS_newlstr(L, buff, size); |
| 99 | } | 100 | } |
| 100 | else { /* long string */ | 101 | else { /* long string */ |
| 101 | ts = luaS_createlngstrobj(S->L, size); | 102 | ts = luaS_createlngstrobj(L, size); |
| 103 | setsvalue2s(L, L->top, ts); /* anchor it ('loadVector' can GC) */ | ||
| 104 | luaD_inctop(L); | ||
| 102 | LoadVector(S, getstr(ts), size); /* load directly in final place */ | 105 | LoadVector(S, getstr(ts), size); /* load directly in final place */ |
| 106 | L->top--; /* pop string */ | ||
| 103 | } | 107 | } |
| 104 | luaC_objbarrier(S->L, p, ts); | 108 | luaC_objbarrier(L, p, ts); |
| 105 | return ts; | 109 | return ts; |
| 106 | } | 110 | } |
| 107 | 111 | ||