debug.sethook/gethook may overflow the thread's stack

author: Roberto Ierusalimschy <roberto@inf.puc-rio.br> 2008-01-21 12:41:19 -0200
committer: Roberto Ierusalimschy <roberto@inf.puc-rio.br> 2008-01-21 12:41:19 -0200
commit: 3a515df086d952e320991e7d7c64fadf9c5364e2 (patch)
tree: b25967c41c5d7a65d6d3867d55590bd0b0b4c162
parent: 74897bc52f07d416c717edeb1e26e75d62e937dd (diff)
download: lua-3a515df086d952e320991e7d7c64fadf9c5364e2.tar.gz
lua-3a515df086d952e320991e7d7c64fadf9c5364e2.tar.bz2
lua-3a515df086d952e320991e7d7c64fadf9c5364e2.zip
1 files changed, 46 insertions, 0 deletions
diff --git a/bugs b/bugs
index 8254da03..8943a56b 100644
--- a/bugs
+++ b/bugs
@@ -1637,6 +1637,52 @@ lua.c:
 }
 Bug{
+what = [[debug.sethook/gethook may overflow the thread's stack]],
+report = [[Ivko Stanilov, on 2008/01/04]],
+since = [[5.1]],
+example = [[
+a = coroutine.create(function() yield() end) 
+coroutine.resume(a)
+debug.sethook(a)      -- may overflow the stack of 'a'
+]],
+patch = [[ ]],
+ldblib.c:
+@@ -268,12 +268,11 @@
+     count = luaL_optint(L, arg+3, 0);
+     func = hookf; mask = makemask(smask, count);
+   }
+-  gethooktable(L1);
+-  lua_pushlightuserdata(L1, L1);
+  gethooktable(L);
+  lua_pushlightuserdata(L, L1);
+   lua_pushvalue(L, arg+1);
+-  lua_xmove(L, L1, 1);
+-  lua_rawset(L1, -3);  /* set new hook */
+-  lua_pop(L1, 1);  /* remove hook table */
+  lua_rawset(L, -3);  /* set new hook */
+  lua_pop(L, 1);  /* remove hook table */
+   lua_sethook(L1, func, mask, count);  /* set hooks */
+   return 0;
+ }
+@@ -288,11 +287,10 @@
+   if (hook != NULL && hook != hookf)  /* external hook? */
+     lua_pushliteral(L, "external hook");
+   else {
+-    gethooktable(L1);
+-    lua_pushlightuserdata(L1, L1);
+-    lua_rawget(L1, -2);   /* get hook */
+-    lua_remove(L1, -2);  /* remove hook table */
+-    lua_xmove(L1, L, 1);
+    gethooktable(L);
+    lua_pushlightuserdata(L, L1);
+    lua_rawget(L, -2);   /* get hook */
+    lua_remove(L, -2);  /* remove hook table */
+   }
+   lua_pushstring(L, unmakemask(mask, buff));
+   lua_pushinteger(L, lua_gethookcount(L1));
+}
+Bug{
 what = [[ ]],
 report = [[ , on ]],
 since = [[i ]],
author	Roberto Ierusalimschy <roberto@inf.puc-rio.br>	2008-01-21 12:41:19 -0200
committer	Roberto Ierusalimschy <roberto@inf.puc-rio.br>	2008-01-21 12:41:19 -0200
commit	3a515df086d952e320991e7d7c64fadf9c5364e2 (patch)
tree	b25967c41c5d7a65d6d3867d55590bd0b0b4c162
parent	74897bc52f07d416c717edeb1e26e75d62e937dd (diff)
download	lua-3a515df086d952e320991e7d7c64fadf9c5364e2.tar.gz lua-3a515df086d952e320991e7d7c64fadf9c5364e2.tar.bz2 lua-3a515df086d952e320991e7d7c64fadf9c5364e2.zip

diff --git a/bugs b/bugs index 8254da03..8943a56b 100644 --- a/bugs +++ b/bugs
@@ -1637,6 +1637,52 @@ lua.c:
1637	}	1637	}
1638		1638
1639	Bug{	1639	Bug{
		1640	what = [[debug.sethook/gethook may overflow the thread's stack]],
		1641	report = [[Ivko Stanilov, on 2008/01/04]],
		1642	since = [[5.1]],
		1643	example = [[
		1644	a = coroutine.create(function() yield() end)
		1645	coroutine.resume(a)
		1646	debug.sethook(a) -- may overflow the stack of 'a'
		1647	]],
		1648	patch = [[ ]],
		1649	ldblib.c:
		1650	@@ -268,12 +268,11 @@
		1651	count = luaL_optint(L, arg+3, 0);
		1652	func = hookf; mask = makemask(smask, count);
		1653	}
		1654	- gethooktable(L1);
		1655	- lua_pushlightuserdata(L1, L1);
		1656	+ gethooktable(L);
		1657	+ lua_pushlightuserdata(L, L1);
		1658	lua_pushvalue(L, arg+1);
		1659	- lua_xmove(L, L1, 1);
		1660	- lua_rawset(L1, -3); /* set new hook */
		1661	- lua_pop(L1, 1); /* remove hook table */
		1662	+ lua_rawset(L, -3); /* set new hook */
		1663	+ lua_pop(L, 1); /* remove hook table */
		1664	lua_sethook(L1, func, mask, count); /* set hooks */
		1665	return 0;
		1666	}
		1667	@@ -288,11 +287,10 @@
		1668	if (hook != NULL && hook != hookf) /* external hook? */
		1669	lua_pushliteral(L, "external hook");
		1670	else {
		1671	- gethooktable(L1);
		1672	- lua_pushlightuserdata(L1, L1);
		1673	- lua_rawget(L1, -2); /* get hook */
		1674	- lua_remove(L1, -2); /* remove hook table */
		1675	- lua_xmove(L1, L, 1);
		1676	+ gethooktable(L);
		1677	+ lua_pushlightuserdata(L, L1);
		1678	+ lua_rawget(L, -2); /* get hook */
		1679	+ lua_remove(L, -2); /* remove hook table */
		1680	}
		1681	lua_pushstring(L, unmakemask(mask, buff));
		1682	lua_pushinteger(L, lua_gethookcount(L1));
		1683	}
		1684
		1685	Bug{
1640	what = [[ ]],	1686	what = [[ ]],
1641	report = [[ , on ]],	1687	report = [[ , on ]],
1642	since = [[i ]],	1688	since = [[i ]],