diff options
| author | Roberto I <roberto@inf.puc-rio.br> | 2026-01-04 16:31:17 -0300 |
|---|---|---|
| committer | Roberto I <roberto@inf.puc-rio.br> | 2026-01-04 16:31:17 -0300 |
| commit | 45c7ae5b1b05069543fe1710454c651350bc1c42 (patch) | |
| tree | 1bb4c319d5223e43dff513d2b488be368f10ea4a | |
| parent | 962f444a755882ecfc24ca7e96ffe193d64ed12d (diff) | |
| download | lua-45c7ae5b1b05069543fe1710454c651350bc1c42.tar.gz lua-45c7ae5b1b05069543fe1710454c651350bc1c42.tar.bz2 lua-45c7ae5b1b05069543fe1710454c651350bc1c42.zip | |
BUG: Possible overflow in 'string.packsize'
'string.packsize' can overflow result in 32-bit machines using 64-bit
integers, as LUA_MAXINTEGER may not fit into size_t.
| -rw-r--r-- | lstrlib.c | 2 |
1 files changed, 1 insertions, 1 deletions
| @@ -1726,7 +1726,7 @@ static int str_packsize (lua_State *L) { | |||
| 1726 | luaL_argcheck(L, opt != Kstring && opt != Kzstr, 1, | 1726 | luaL_argcheck(L, opt != Kstring && opt != Kzstr, 1, |
| 1727 | "variable-length format"); | 1727 | "variable-length format"); |
| 1728 | size += ntoalign; /* total space used by option */ | 1728 | size += ntoalign; /* total space used by option */ |
| 1729 | luaL_argcheck(L, totalsize <= LUA_MAXINTEGER - size, | 1729 | luaL_argcheck(L, totalsize <= MAX_SIZE - size, |
| 1730 | 1, "format result too large"); | 1730 | 1, "format result too large"); |
| 1731 | totalsize += size; | 1731 | totalsize += size; |
| 1732 | } | 1732 | } |