aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRoberto Ierusalimschy <roberto@inf.puc-rio.br>2024-06-24 12:03:59 -0300
committerRoberto Ierusalimschy <roberto@inf.puc-rio.br>2024-06-24 12:03:59 -0300
commitc1dc08e8e8e22af9902a6341b4a9a9a7811954cc (patch)
tree7ce5d6c721bd306f83555d821d6372651e3ab223
parent0f7025dcae08e35a31866234d8d757ab54392190 (diff)
downloadlua-c1dc08e8e8e22af9902a6341b4a9a9a7811954cc.tar.gz
lua-c1dc08e8e8e22af9902a6341b4a9a9a7811954cc.tar.bz2
lua-c1dc08e8e8e22af9902a6341b4a9a9a7811954cc.zip
Length of external strings must fit in Lua integer
(As the length of any string in Lua.)
-rw-r--r--lapi.c1
-rw-r--r--lauxlib.c8
-rw-r--r--lundump.c2
-rw-r--r--manual/manual.of2
4 files changed, 9 insertions, 4 deletions
diff --git a/lapi.c b/lapi.c
index 2b14c15e..f00bd53f 100644
--- a/lapi.c
+++ b/lapi.c
@@ -551,6 +551,7 @@ LUA_API const char *lua_pushextlstring (lua_State *L,
551 const char *s, size_t len, lua_Alloc falloc, void *ud) { 551 const char *s, size_t len, lua_Alloc falloc, void *ud) {
552 TString *ts; 552 TString *ts;
553 lua_lock(L); 553 lua_lock(L);
554 api_check(L, len <= MAX_SIZE, "string too large");
554 api_check(L, s[len] == '\0', "string not ending with zero"); 555 api_check(L, s[len] == '\0', "string not ending with zero");
555 ts = luaS_newextlstr (L, s, len, falloc, ud); 556 ts = luaS_newextlstr (L, s, len, falloc, ud);
556 setsvalue2s(L, L->top.p, ts); 557 setsvalue2s(L, L->top.p, ts);
diff --git a/lauxlib.c b/lauxlib.c
index 99a63092..5aeec55f 100644
--- a/lauxlib.c
+++ b/lauxlib.c
@@ -538,10 +538,12 @@ static void newbox (lua_State *L) {
538*/ 538*/
539static size_t newbuffsize (luaL_Buffer *B, size_t sz) { 539static size_t newbuffsize (luaL_Buffer *B, size_t sz) {
540 size_t newsize = (B->size / 2) * 3; /* buffer size * 1.5 */ 540 size_t newsize = (B->size / 2) * 3; /* buffer size * 1.5 */
541 if (l_unlikely(MAX_SIZET - sz - 1 < B->n)) /* overflow in (B->n + sz + 1)? */ 541 if (l_unlikely(sz > MAX_SIZE - B->n - 1))
542 return luaL_error(B->L, "buffer too large"); 542 return luaL_error(B->L, "resulting string too large");
543 if (newsize < B->n + sz + 1) /* not big enough? */ 543 if (newsize < B->n + sz + 1 || newsize > MAX_SIZE) {
544 /* newsize was not big enough or too big */
544 newsize = B->n + sz + 1; 545 newsize = B->n + sz + 1;
546 }
545 return newsize; 547 return newsize;
546} 548}
547 549
diff --git a/lundump.c b/lundump.c
index 51d5dc66..b5dbaec9 100644
--- a/lundump.c
+++ b/lundump.c
@@ -109,7 +109,7 @@ static size_t loadVarint (LoadState *S, size_t limit) {
109 109
110 110
111static size_t loadSize (LoadState *S) { 111static size_t loadSize (LoadState *S) {
112 return loadVarint(S, MAX_SIZET); 112 return loadVarint(S, MAX_SIZE);
113} 113}
114 114
115 115
diff --git a/manual/manual.of b/manual/manual.of
index 774981c4..56619afe 100644
--- a/manual/manual.of
+++ b/manual/manual.of
@@ -3942,6 +3942,8 @@ holding the string content,
3942and @id{len} is the length of the string. 3942and @id{len} is the length of the string.
3943The string should have a zero at its end, 3943The string should have a zero at its end,
3944that is, the condition @T{s[len] == '\0'} should hold. 3944that is, the condition @T{s[len] == '\0'} should hold.
3945As with any string in Lua,
3946the length must fit in a Lua integer.
3945 3947
3946If @id{falloc} is different from @id{NULL}, 3948If @id{falloc} is different from @id{NULL},
3947that function will be called by Lua 3949that function will be called by Lua