diff options
| author | Roberto Ierusalimschy <roberto@inf.puc-rio.br> | 2008-02-14 14:02:58 -0200 |
|---|---|---|
| committer | Roberto Ierusalimschy <roberto@inf.puc-rio.br> | 2008-02-14 14:02:58 -0200 |
| commit | 6d182faab65f7634802904c489de6dabcb56830a (patch) | |
| tree | e51d16ecf66a7ac80a77064314a0e7390498ad80 /lapi.c | |
| parent | f86f4116c82654d24faa4a32a909d0c27f3d4746 (diff) | |
| download | lua-6d182faab65f7634802904c489de6dabcb56830a.tar.gz lua-6d182faab65f7634802904c489de6dabcb56830a.tar.bz2 lua-6d182faab65f7634802904c489de6dabcb56830a.zip | |
bug: lua_checkstack may have arithmetic overflow for large 'size'
Diffstat (limited to 'lapi.c')
| -rw-r--r-- | lapi.c | 9 |
1 files changed, 4 insertions, 5 deletions
| @@ -1,5 +1,5 @@ | |||
| 1 | /* | 1 | /* |
| 2 | ** $Id: lapi.c,v 2.63 2008/01/25 13:42:12 roberto Exp roberto $ | 2 | ** $Id: lapi.c,v 2.64 2008/02/12 13:34:12 roberto Exp roberto $ |
| 3 | ** Lua API | 3 | ** Lua API |
| 4 | ** See Copyright Notice in lua.h | 4 | ** See Copyright Notice in lua.h |
| 5 | */ | 5 | */ |
| @@ -84,15 +84,14 @@ static Table *getcurrenv (lua_State *L) { | |||
| 84 | 84 | ||
| 85 | 85 | ||
| 86 | LUA_API int lua_checkstack (lua_State *L, int size) { | 86 | LUA_API int lua_checkstack (lua_State *L, int size) { |
| 87 | int res; | 87 | int res = 1; |
| 88 | lua_lock(L); | 88 | lua_lock(L); |
| 89 | if ((L->top - L->base + size) > LUAI_MAXCSTACK) | 89 | if (size > LUAI_MAXCSTACK || (L->top - L->base + size) > LUAI_MAXCSTACK) |
| 90 | res = 0; /* stack overflow */ | 90 | res = 0; /* stack overflow */ |
| 91 | else { | 91 | else if (size > 0) { |
| 92 | luaD_checkstack(L, size); | 92 | luaD_checkstack(L, size); |
| 93 | if (L->ci->top < L->top + size) | 93 | if (L->ci->top < L->top + size) |
| 94 | L->ci->top = L->top + size; | 94 | L->ci->top = L->top + size; |
| 95 | res = 1; | ||
| 96 | } | 95 | } |
| 97 | lua_unlock(L); | 96 | lua_unlock(L); |
| 98 | return res; | 97 | return res; |