diff options
| author | Roberto Ierusalimschy <roberto@inf.puc-rio.br> | 2021-12-15 11:29:07 -0300 |
|---|---|---|
| committer | Roberto Ierusalimschy <roberto@inf.puc-rio.br> | 2021-12-15 11:29:07 -0300 |
| commit | cf613cdc6fa367257fc61c256f63d917350858b5 (patch) | |
| tree | e35a035361f5e049494113a2cb3ad73c8629f260 | |
| parent | 066e0f93c4901e601d93e31fb700f8f66f95feb8 (diff) | |
| download | lua-cf613cdc6fa367257fc61c256f63d917350858b5.tar.gz lua-cf613cdc6fa367257fc61c256f63d917350858b5.tar.bz2 lua-cf613cdc6fa367257fc61c256f63d917350858b5.zip | |
Bug: finalizers can be called with an invalid stack
The call to 'checkstackGC' can run finalizers, which will find an
inconsistent CallInfo, as 'ci' is half updated at the point of call.
| -rw-r--r-- | ldo.c | 2 |
1 files changed, 1 insertions, 1 deletions
| @@ -530,10 +530,10 @@ int luaD_pretailcall (lua_State *L, CallInfo *ci, StkId func, | |||
| 530 | int fsize = p->maxstacksize; /* frame size */ | 530 | int fsize = p->maxstacksize; /* frame size */ |
| 531 | int nfixparams = p->numparams; | 531 | int nfixparams = p->numparams; |
| 532 | int i; | 532 | int i; |
| 533 | checkstackGCp(L, fsize - delta, func); | ||
| 533 | ci->func -= delta; /* restore 'func' (if vararg) */ | 534 | ci->func -= delta; /* restore 'func' (if vararg) */ |
| 534 | for (i = 0; i < narg1; i++) /* move down function and arguments */ | 535 | for (i = 0; i < narg1; i++) /* move down function and arguments */ |
| 535 | setobjs2s(L, ci->func + i, func + i); | 536 | setobjs2s(L, ci->func + i, func + i); |
| 536 | checkstackGC(L, fsize); | ||
| 537 | func = ci->func; /* moved-down function */ | 537 | func = ci->func; /* moved-down function */ |
| 538 | for (; narg1 <= nfixparams; narg1++) | 538 | for (; narg1 <= nfixparams; narg1++) |
| 539 | setnilvalue(s2v(func + narg1)); /* complete missing arguments */ | 539 | setnilvalue(s2v(func + narg1)); /* complete missing arguments */ |