diff options
author | Roberto Ierusalimschy <roberto@inf.puc-rio.br> | 2024-06-24 12:03:59 -0300 |
---|---|---|
committer | Roberto Ierusalimschy <roberto@inf.puc-rio.br> | 2024-06-24 12:03:59 -0300 |
commit | c1dc08e8e8e22af9902a6341b4a9a9a7811954cc (patch) | |
tree | 7ce5d6c721bd306f83555d821d6372651e3ab223 | |
parent | 0f7025dcae08e35a31866234d8d757ab54392190 (diff) | |
download | lua-c1dc08e8e8e22af9902a6341b4a9a9a7811954cc.tar.gz lua-c1dc08e8e8e22af9902a6341b4a9a9a7811954cc.tar.bz2 lua-c1dc08e8e8e22af9902a6341b4a9a9a7811954cc.zip |
Length of external strings must fit in Lua integer
(As the length of any string in Lua.)
-rw-r--r-- | lapi.c | 1 | ||||
-rw-r--r-- | lauxlib.c | 8 | ||||
-rw-r--r-- | lundump.c | 2 | ||||
-rw-r--r-- | manual/manual.of | 2 |
4 files changed, 9 insertions, 4 deletions
@@ -551,6 +551,7 @@ LUA_API const char *lua_pushextlstring (lua_State *L, | |||
551 | const char *s, size_t len, lua_Alloc falloc, void *ud) { | 551 | const char *s, size_t len, lua_Alloc falloc, void *ud) { |
552 | TString *ts; | 552 | TString *ts; |
553 | lua_lock(L); | 553 | lua_lock(L); |
554 | api_check(L, len <= MAX_SIZE, "string too large"); | ||
554 | api_check(L, s[len] == '\0', "string not ending with zero"); | 555 | api_check(L, s[len] == '\0', "string not ending with zero"); |
555 | ts = luaS_newextlstr (L, s, len, falloc, ud); | 556 | ts = luaS_newextlstr (L, s, len, falloc, ud); |
556 | setsvalue2s(L, L->top.p, ts); | 557 | setsvalue2s(L, L->top.p, ts); |
@@ -538,10 +538,12 @@ static void newbox (lua_State *L) { | |||
538 | */ | 538 | */ |
539 | static size_t newbuffsize (luaL_Buffer *B, size_t sz) { | 539 | static size_t newbuffsize (luaL_Buffer *B, size_t sz) { |
540 | size_t newsize = (B->size / 2) * 3; /* buffer size * 1.5 */ | 540 | size_t newsize = (B->size / 2) * 3; /* buffer size * 1.5 */ |
541 | if (l_unlikely(MAX_SIZET - sz - 1 < B->n)) /* overflow in (B->n + sz + 1)? */ | 541 | if (l_unlikely(sz > MAX_SIZE - B->n - 1)) |
542 | return luaL_error(B->L, "buffer too large"); | 542 | return luaL_error(B->L, "resulting string too large"); |
543 | if (newsize < B->n + sz + 1) /* not big enough? */ | 543 | if (newsize < B->n + sz + 1 || newsize > MAX_SIZE) { |
544 | /* newsize was not big enough or too big */ | ||
544 | newsize = B->n + sz + 1; | 545 | newsize = B->n + sz + 1; |
546 | } | ||
545 | return newsize; | 547 | return newsize; |
546 | } | 548 | } |
547 | 549 | ||
@@ -109,7 +109,7 @@ static size_t loadVarint (LoadState *S, size_t limit) { | |||
109 | 109 | ||
110 | 110 | ||
111 | static size_t loadSize (LoadState *S) { | 111 | static size_t loadSize (LoadState *S) { |
112 | return loadVarint(S, MAX_SIZET); | 112 | return loadVarint(S, MAX_SIZE); |
113 | } | 113 | } |
114 | 114 | ||
115 | 115 | ||
diff --git a/manual/manual.of b/manual/manual.of index 774981c4..56619afe 100644 --- a/manual/manual.of +++ b/manual/manual.of | |||
@@ -3942,6 +3942,8 @@ holding the string content, | |||
3942 | and @id{len} is the length of the string. | 3942 | and @id{len} is the length of the string. |
3943 | The string should have a zero at its end, | 3943 | The string should have a zero at its end, |
3944 | that is, the condition @T{s[len] == '\0'} should hold. | 3944 | that is, the condition @T{s[len] == '\0'} should hold. |
3945 | As with any string in Lua, | ||
3946 | the length must fit in a Lua integer. | ||
3945 | 3947 | ||
3946 | If @id{falloc} is different from @id{NULL}, | 3948 | If @id{falloc} is different from @id{NULL}, |
3947 | that function will be called by Lua | 3949 | that function will be called by Lua |