diff options
| author | Roberto Ierusalimschy <roberto@inf.puc-rio.br> | 2025-07-18 16:18:30 -0300 |
|---|---|---|
| committer | Roberto Ierusalimschy <roberto@inf.puc-rio.br> | 2025-07-18 16:18:30 -0300 |
| commit | 303f4155593721dfd57dadc6e56122e465ce9efb (patch) | |
| tree | 2b723c2d744a53f96b0f067e5a39a15a7f9259ad /lapi.c | |
| parent | ccb8b307f11c7497e61f617b12f3a7f0a697256c (diff) | |
| download | lua-303f4155593721dfd57dadc6e56122e465ce9efb.tar.gz lua-303f4155593721dfd57dadc6e56122e465ce9efb.tar.bz2 lua-303f4155593721dfd57dadc6e56122e465ce9efb.zip | |
Randomness added to table length computation
A bad actor could fill only a few entries in a table (power of twos in
decreasing order, see tests) and produce a small table with a huge
length. If your program builds a table with external data and iterates
over its length, this behavior could be an issue.
Diffstat (limited to 'lapi.c')
| -rw-r--r-- | lapi.c | 2 |
1 files changed, 1 insertions, 1 deletions
| @@ -440,7 +440,7 @@ LUA_API lua_Unsigned lua_rawlen (lua_State *L, int idx) { | |||
| 440 | case LUA_VSHRSTR: return cast(lua_Unsigned, tsvalue(o)->shrlen); | 440 | case LUA_VSHRSTR: return cast(lua_Unsigned, tsvalue(o)->shrlen); |
| 441 | case LUA_VLNGSTR: return cast(lua_Unsigned, tsvalue(o)->u.lnglen); | 441 | case LUA_VLNGSTR: return cast(lua_Unsigned, tsvalue(o)->u.lnglen); |
| 442 | case LUA_VUSERDATA: return cast(lua_Unsigned, uvalue(o)->len); | 442 | case LUA_VUSERDATA: return cast(lua_Unsigned, uvalue(o)->len); |
| 443 | case LUA_VTABLE: return luaH_getn(hvalue(o)); | 443 | case LUA_VTABLE: return luaH_getn(L, hvalue(o)); |
| 444 | default: return 0; | 444 | default: return 0; |
| 445 | } | 445 | } |
| 446 | } | 446 | } |