diff options
| author | Roberto Ierusalimschy <roberto@inf.puc-rio.br> | 2024-06-24 12:03:59 -0300 |
|---|---|---|
| committer | Roberto Ierusalimschy <roberto@inf.puc-rio.br> | 2024-06-24 12:03:59 -0300 |
| commit | c1dc08e8e8e22af9902a6341b4a9a9a7811954cc (patch) | |
| tree | 7ce5d6c721bd306f83555d821d6372651e3ab223 | |
| parent | 0f7025dcae08e35a31866234d8d757ab54392190 (diff) | |
| download | lua-c1dc08e8e8e22af9902a6341b4a9a9a7811954cc.tar.gz lua-c1dc08e8e8e22af9902a6341b4a9a9a7811954cc.tar.bz2 lua-c1dc08e8e8e22af9902a6341b4a9a9a7811954cc.zip | |
Length of external strings must fit in Lua integer
(As the length of any string in Lua.)
| -rw-r--r-- | lapi.c | 1 | ||||
| -rw-r--r-- | lauxlib.c | 8 | ||||
| -rw-r--r-- | lundump.c | 2 | ||||
| -rw-r--r-- | manual/manual.of | 2 |
4 files changed, 9 insertions, 4 deletions
| @@ -551,6 +551,7 @@ LUA_API const char *lua_pushextlstring (lua_State *L, | |||
| 551 | const char *s, size_t len, lua_Alloc falloc, void *ud) { | 551 | const char *s, size_t len, lua_Alloc falloc, void *ud) { |
| 552 | TString *ts; | 552 | TString *ts; |
| 553 | lua_lock(L); | 553 | lua_lock(L); |
| 554 | api_check(L, len <= MAX_SIZE, "string too large"); | ||
| 554 | api_check(L, s[len] == '\0', "string not ending with zero"); | 555 | api_check(L, s[len] == '\0', "string not ending with zero"); |
| 555 | ts = luaS_newextlstr (L, s, len, falloc, ud); | 556 | ts = luaS_newextlstr (L, s, len, falloc, ud); |
| 556 | setsvalue2s(L, L->top.p, ts); | 557 | setsvalue2s(L, L->top.p, ts); |
| @@ -538,10 +538,12 @@ static void newbox (lua_State *L) { | |||
| 538 | */ | 538 | */ |
| 539 | static size_t newbuffsize (luaL_Buffer *B, size_t sz) { | 539 | static size_t newbuffsize (luaL_Buffer *B, size_t sz) { |
| 540 | size_t newsize = (B->size / 2) * 3; /* buffer size * 1.5 */ | 540 | size_t newsize = (B->size / 2) * 3; /* buffer size * 1.5 */ |
| 541 | if (l_unlikely(MAX_SIZET - sz - 1 < B->n)) /* overflow in (B->n + sz + 1)? */ | 541 | if (l_unlikely(sz > MAX_SIZE - B->n - 1)) |
| 542 | return luaL_error(B->L, "buffer too large"); | 542 | return luaL_error(B->L, "resulting string too large"); |
| 543 | if (newsize < B->n + sz + 1) /* not big enough? */ | 543 | if (newsize < B->n + sz + 1 || newsize > MAX_SIZE) { |
| 544 | /* newsize was not big enough or too big */ | ||
| 544 | newsize = B->n + sz + 1; | 545 | newsize = B->n + sz + 1; |
| 546 | } | ||
| 545 | return newsize; | 547 | return newsize; |
| 546 | } | 548 | } |
| 547 | 549 | ||
| @@ -109,7 +109,7 @@ static size_t loadVarint (LoadState *S, size_t limit) { | |||
| 109 | 109 | ||
| 110 | 110 | ||
| 111 | static size_t loadSize (LoadState *S) { | 111 | static size_t loadSize (LoadState *S) { |
| 112 | return loadVarint(S, MAX_SIZET); | 112 | return loadVarint(S, MAX_SIZE); |
| 113 | } | 113 | } |
| 114 | 114 | ||
| 115 | 115 | ||
diff --git a/manual/manual.of b/manual/manual.of index 774981c4..56619afe 100644 --- a/manual/manual.of +++ b/manual/manual.of | |||
| @@ -3942,6 +3942,8 @@ holding the string content, | |||
| 3942 | and @id{len} is the length of the string. | 3942 | and @id{len} is the length of the string. |
| 3943 | The string should have a zero at its end, | 3943 | The string should have a zero at its end, |
| 3944 | that is, the condition @T{s[len] == '\0'} should hold. | 3944 | that is, the condition @T{s[len] == '\0'} should hold. |
| 3945 | As with any string in Lua, | ||
| 3946 | the length must fit in a Lua integer. | ||
| 3945 | 3947 | ||
| 3946 | If @id{falloc} is different from @id{NULL}, | 3948 | If @id{falloc} is different from @id{NULL}, |
| 3947 | that function will be called by Lua | 3949 | that function will be called by Lua |