stack overflow in vararg functions + garbage collector in recursive loops

author: Roberto Ierusalimschy <roberto@inf.puc-rio.br> 2013-05-02 13:13:27 -0300
committer: Roberto Ierusalimschy <roberto@inf.puc-rio.br> 2013-05-02 13:13:27 -0300
commit: 6347004be9bed939416af8a59917eb30d10c1849 (patch)
tree: 26d490dc8c63f45bef1d1f47ebde845835f79bfc
parent: 67532d5a10f9bdc8ed58c6babbce49788ae3be4d (diff)
download: lua-6347004be9bed939416af8a59917eb30d10c1849.tar.gz
lua-6347004be9bed939416af8a59917eb30d10c1849.tar.bz2
lua-6347004be9bed939416af8a59917eb30d10c1849.zip
1 files changed, 70 insertions, 7 deletions
diff --git a/bugs b/bugs
index ea2af432..225f0625 100644
--- a/bugs
+++ b/bugs
@@ -179,13 +179,13 @@ Tue May  2 15:27:58 EST 2000
 ** lparser.c
 Fri May 12 15:11:12 EST 2000
 >> first element in a list constructor is not adjusted to one value
->> (e.g. «a = {gsub('a','a','')}»)
+>> (e.g. Ā«a = {gsub('a','a','')}Ā»)
 (by Tomas; since 4.0a)
 ** lparser.c
 Wed May 24 14:50:16 EST 2000
 >> record-constructor starting with an upvalue name gets an error
->> (e.g. «local a; function f() x = {a=1} end»)
+>> (e.g. Ā«local a; function f() x = {a=1} endĀ»)
 (by Edgar Toernig; since 3.1)
 ** lparser.c
@@ -226,7 +226,7 @@ Wed Sep 27 09:50:19 EST 2000
 ** llex.h / llex.c / lparser.c
 Wed Sep 27 13:39:45 EST 2000
 >> parser overwrites semantic information when looking ahead
->> (e.g. «a = {print'foo'}»)
+>> (e.g. Ā«a = {print'foo'}Ā»)
 (by Edgar Toernig; since 4.0b, deriving from previous bug)
 ** liolib.c
@@ -257,7 +257,7 @@ Thu Feb  1 11:55:45 EDT 2001
 ** ldo.c
 Fri Feb  2 14:06:40 EDT 2001
->> «while 1 dostring[[print('hello\n')]] end» never reclaims memory
+>> Ā«while 1 dostring[[print('hello\n')]] endĀ» never reclaims memory
 (by Andrew Paton; since 4.0b)
 ** lbaselib.c
@@ -1375,7 +1375,7 @@ patch = [[
 Bug{
 what = [[As a library, loadlib.c should not access Lua internals
 (via lobject.h)]],
-report = [[Jérōme Vuarand, on 03/2007]],
+report = [[JĆ©rĆ´me Vuarand, on 03/2007]],
 since = [[5.0]],
 example = [[the bug has no effect on external behavior]],
 patch = [[remove the '#include "lobject.h" and use
@@ -1880,8 +1880,8 @@ patch = [[
 +++ lundump.c   2008/04/04 19:51:41     2.7.1.4
 @@ -1,5 +1,5 @@
 /*
-** $Id: bugs,v 1.119 2012/12/03 20:18:02 roberto Exp roberto $
+-** $Id: bugs,v 1.120 2013/02/07 15:57:47 roberto Exp roberto $
-+** $Id: bugs,v 1.119 2012/12/03 20:18:02 roberto Exp roberto $
+** $Id: bugs,v 1.120 2013/02/07 15:57:47 roberto Exp roberto $
 ** load precompiled Lua chunks
 ** See Copyright Notice in lua.h
 */
@@ -2854,6 +2854,69 @@ patch = [[
 ]]
 }
+Bug{
+what = [[stack overflow in vararg functions with many fixed
+parameters called with few arguments]],
+report = [[äŗ‘é£ˇ, 2013/04/17]],
+since = [[5.1]],
+fix = nil,
+example = [[
+function f(p1, p2, p3, p4, p5, p6, p7, p8, p9, p10,
+           p11, p12, p13, p14, p15, p16, p17, p18, p19, p20,
+           p21, p22, p23, p24, p25, p26, p27, p28, p29, p30,
+           p31, p32, p33, p34, p35, p36, p37, p38, p39, p40,
+           p41, p42, p43, p44, p45, p46, p48, p49, p50, ...)
+  local a1, a2, a3, a4, a5, a6, a7, a8, a9, a10, a11, a12, a13, a14
+end
+f()   -- seg. fault (on some machines)
+]],
+patch = [[
+--- ldo.c       2012/10/01 14:05:04     2.108
+++ ldo.c       2013/04/19 20:56:06
+@@ -324,7 +324,7 @@
+     case LUA_TLCL: {  /* Lua function: prepare its call */
+       StkId base;
+       Proto *p = clLvalue(func)->p;
+-      luaD_checkstack(L, p->maxstacksize);
+      luaD_checkstack(L, p->maxstacksize + p->numparams);
+       func = restorestack(L, funcr);
+       n = cast_int(L->top - func) - 1;  /* number of real arguments */
+       for (; n < p->numparams; n++)
+]],
+}
+--[=[
+Bug{
+what = [[garbage collector can trigger too many times in recursive loops]],
+report = [[Roberto, 2013/04/25]],
+since = [[5.2.2]],
+fix = nil,
+example = [[
+function f() f() end
+f()   -- it takes too long before a "stack overflow" error
+]],
+patch = [[
+--- lgc.c       2013/04/12 18:48:47     2.140.1.1
+++ lgc.c       2013/04/25 21:30:20
+@@ -495,2 +495,3 @@
+ static lu_mem traversestack (global_State *g, lua_State *th) {
+  int n = 0;
+   StkId o = th->stack;
+@@ -505,3 +506,9 @@
+   }
+-  return sizeof(lua_State) + sizeof(TValue) * th->stacksize;
+  else {  /* count call infos to compute size */
+    CallInfo *ci;
+    for (ci = &th->base_ci; ci != th->ci; ci = ci->next)
+      n++;
+  }
+  return sizeof(lua_State) + sizeof(TValue) * th->stacksize +
+         sizeof(CallInfo) * n;
+ }
+]]
+}
 --[=[
 Bug{
 what = [[ ]],
author	Roberto Ierusalimschy <roberto@inf.puc-rio.br>	2013-05-02 13:13:27 -0300
committer	Roberto Ierusalimschy <roberto@inf.puc-rio.br>	2013-05-02 13:13:27 -0300
commit	6347004be9bed939416af8a59917eb30d10c1849 (patch)
tree	26d490dc8c63f45bef1d1f47ebde845835f79bfc
parent	67532d5a10f9bdc8ed58c6babbce49788ae3be4d (diff)
download	lua-6347004be9bed939416af8a59917eb30d10c1849.tar.gz lua-6347004be9bed939416af8a59917eb30d10c1849.tar.bz2 lua-6347004be9bed939416af8a59917eb30d10c1849.zip

diff --git a/bugs b/bugs index ea2af432..225f0625 100644 --- a/bugs +++ b/bugs
@@ -179,13 +179,13 @@ Tue May 2 15:27:58 EST 2000
179	** lparser.c	179	** lparser.c
180	Fri May 12 15:11:12 EST 2000	180	Fri May 12 15:11:12 EST 2000
181	>> first element in a list constructor is not adjusted to one value	181	>> first element in a list constructor is not adjusted to one value
182	>> (e.g. «a = {gsub('a','a','')}»)	182	>> (e.g. Ā«a = {gsub('a','a','')}Ā»)
183	(by Tomas; since 4.0a)	183	(by Tomas; since 4.0a)
184		184
185	** lparser.c	185	** lparser.c
186	Wed May 24 14:50:16 EST 2000	186	Wed May 24 14:50:16 EST 2000
187	>> record-constructor starting with an upvalue name gets an error	187	>> record-constructor starting with an upvalue name gets an error
188	>> (e.g. «local a; function f() x = {a=1} end»)	188	>> (e.g. Ā«local a; function f() x = {a=1} endĀ»)
189	(by Edgar Toernig; since 3.1)	189	(by Edgar Toernig; since 3.1)
190		190
191	** lparser.c	191	** lparser.c
@@ -226,7 +226,7 @@ Wed Sep 27 09:50:19 EST 2000
226	** llex.h / llex.c / lparser.c	226	** llex.h / llex.c / lparser.c
227	Wed Sep 27 13:39:45 EST 2000	227	Wed Sep 27 13:39:45 EST 2000
228	>> parser overwrites semantic information when looking ahead	228	>> parser overwrites semantic information when looking ahead
229	>> (e.g. «a = {print'foo'}»)	229	>> (e.g. Ā«a = {print'foo'}Ā»)
230	(by Edgar Toernig; since 4.0b, deriving from previous bug)	230	(by Edgar Toernig; since 4.0b, deriving from previous bug)
231		231
232	** liolib.c	232	** liolib.c
@@ -257,7 +257,7 @@ Thu Feb 1 11:55:45 EDT 2001
257		257
258	** ldo.c	258	** ldo.c
259	Fri Feb 2 14:06:40 EDT 2001	259	Fri Feb 2 14:06:40 EDT 2001
260	>> «while 1 dostring[[print('hello\n')]] end» never reclaims memory	260	>> Ā«while 1 dostring[[print('hello\n')]] endĀ» never reclaims memory
261	(by Andrew Paton; since 4.0b)	261	(by Andrew Paton; since 4.0b)
262		262
263	** lbaselib.c	263	** lbaselib.c
@@ -1375,7 +1375,7 @@ patch = [[
1375	Bug{	1375	Bug{
1376	what = [[As a library, loadlib.c should not access Lua internals	1376	what = [[As a library, loadlib.c should not access Lua internals
1377	(via lobject.h)]],	1377	(via lobject.h)]],
1378	report = [[Jérōme Vuarand, on 03/2007]],	1378	report = [[JĆ©rĆ´me Vuarand, on 03/2007]],
1379	since = [[5.0]],	1379	since = [[5.0]],
1380	example = [[the bug has no effect on external behavior]],	1380	example = [[the bug has no effect on external behavior]],
1381	patch = [[remove the '#include "lobject.h" and use	1381	patch = [[remove the '#include "lobject.h" and use
@@ -1880,8 +1880,8 @@ patch = [[
1880	+++ lundump.c 2008/04/04 19:51:41 2.7.1.4	1880	+++ lundump.c 2008/04/04 19:51:41 2.7.1.4
1881	@@ -1,5 +1,5 @@	1881	@@ -1,5 +1,5 @@
1882	/*	1882	/*
1883	-** $Id: bugs,v 1.119 2012/12/03 20:18:02 roberto Exp roberto $	1883	-** $Id: bugs,v 1.120 2013/02/07 15:57:47 roberto Exp roberto $
1884	+** $Id: bugs,v 1.119 2012/12/03 20:18:02 roberto Exp roberto $	1884	+** $Id: bugs,v 1.120 2013/02/07 15:57:47 roberto Exp roberto $
1885	** load precompiled Lua chunks	1885	** load precompiled Lua chunks
1886	** See Copyright Notice in lua.h	1886	** See Copyright Notice in lua.h
1887	*/	1887	*/
@@ -2854,6 +2854,69 @@ patch = [[
2854	]]	2854	]]
2855	}	2855	}
2856		2856
		2857	Bug{
		2858	what = [[stack overflow in vararg functions with many fixed
		2859	parameters called with few arguments]],
		2860	report = [[äŗ‘é£ˇ, 2013/04/17]],
		2861	since = [[5.1]],
		2862	fix = nil,
		2863	example = [[
		2864	function f(p1, p2, p3, p4, p5, p6, p7, p8, p9, p10,
		2865	p11, p12, p13, p14, p15, p16, p17, p18, p19, p20,
		2866	p21, p22, p23, p24, p25, p26, p27, p28, p29, p30,
		2867	p31, p32, p33, p34, p35, p36, p37, p38, p39, p40,
		2868	p41, p42, p43, p44, p45, p46, p48, p49, p50, ...)
		2869	local a1, a2, a3, a4, a5, a6, a7, a8, a9, a10, a11, a12, a13, a14
		2870	end
		2871
		2872	f() -- seg. fault (on some machines)
		2873	]],
		2874	patch = [[
		2875	--- ldo.c 2012/10/01 14:05:04 2.108
		2876	+++ ldo.c 2013/04/19 20:56:06
		2877	@@ -324,7 +324,7 @@
		2878	case LUA_TLCL: { /* Lua function: prepare its call */
		2879	StkId base;
		2880	Proto *p = clLvalue(func)->p;
		2881	- luaD_checkstack(L, p->maxstacksize);
		2882	+ luaD_checkstack(L, p->maxstacksize + p->numparams);
		2883	func = restorestack(L, funcr);
		2884	n = cast_int(L->top - func) - 1; /* number of real arguments */
		2885	for (; n < p->numparams; n++)
		2886	]],
		2887	}
		2888
		2889	--[=[
		2890	Bug{
		2891	what = [[garbage collector can trigger too many times in recursive loops]],
		2892	report = [[Roberto, 2013/04/25]],
		2893	since = [[5.2.2]],
		2894	fix = nil,
		2895	example = [[
		2896	function f() f() end
		2897	f() -- it takes too long before a "stack overflow" error
		2898	]],
		2899	patch = [[
		2900	--- lgc.c 2013/04/12 18:48:47 2.140.1.1
		2901	+++ lgc.c 2013/04/25 21:30:20
		2902	@@ -495,2 +495,3 @@
		2903	static lu_mem traversestack (global_State g, lua_State th) {
		2904	+ int n = 0;
		2905	StkId o = th->stack;
		2906	@@ -505,3 +506,9 @@
		2907	}
		2908	- return sizeof(lua_State) + sizeof(TValue) * th->stacksize;
		2909	+ else { /* count call infos to compute size */
		2910	+ CallInfo *ci;
		2911	+ for (ci = &th->base_ci; ci != th->ci; ci = ci->next)
		2912	+ n++;
		2913	+ }
		2914	+ return sizeof(lua_State) + sizeof(TValue) * th->stacksize +
		2915	+ sizeof(CallInfo) * n;
		2916	}
		2917	]]
		2918	}
		2919
2857	--[=[	2920	--[=[
2858	Bug{	2921	Bug{
2859	what = [[ ]],	2922	what = [[ ]],