aboutsummaryrefslogtreecommitdiff
path: root/ldump.c
diff options
context:
space:
mode:
authorRoberto Ierusalimschy <roberto@inf.puc-rio.br>2023-03-17 15:52:09 -0300
committerRoberto Ierusalimschy <roberto@inf.puc-rio.br>2023-03-17 15:52:09 -0300
commitab859fe59b464a038a45552921cb2b23892343af (patch)
treec40223ce3f296c9d7e514b912931c093a8652c6a /ldump.c
parentc4b71b7ba0dee419b5bda1ec297eca8e42c9f1d2 (diff)
downloadlua-ab859fe59b464a038a45552921cb2b23892343af.tar.gz
lua-ab859fe59b464a038a45552921cb2b23892343af.tar.bz2
lua-ab859fe59b464a038a45552921cb2b23892343af.zip
Bug: Loading a corrupted binary file can segfault
The size of the list of upvalue names are stored separated from the size of the list of upvalues, but they share the same array.
Diffstat (limited to 'ldump.c')
-rw-r--r--ldump.c8
1 files changed, 6 insertions, 2 deletions
diff --git a/ldump.c b/ldump.c
index f848b669..f231691b 100644
--- a/ldump.c
+++ b/ldump.c
@@ -10,6 +10,7 @@
10#include "lprefix.h" 10#include "lprefix.h"
11 11
12 12
13#include <limits.h>
13#include <stddef.h> 14#include <stddef.h>
14 15
15#include "lua.h" 16#include "lua.h"
@@ -55,8 +56,11 @@ static void dumpByte (DumpState *D, int y) {
55} 56}
56 57
57 58
58/* dumpInt Buff Size */ 59/*
59#define DIBS ((sizeof(size_t) * 8 / 7) + 1) 60** 'dumpSize' buffer size: each byte can store up to 7 bits. (The "+6"
61** rounds up the division.)
62*/
63#define DIBS ((sizeof(size_t) * CHAR_BIT + 6) / 7)
60 64
61static void dumpSize (DumpState *D, size_t x) { 65static void dumpSize (DumpState *D, size_t x) {
62 lu_byte buff[DIBS]; 66 lu_byte buff[DIBS];