| author | Roberto Ierusalimschy <roberto@inf.puc-rio.br> | 2025-07-18 16:18:30 -0300 |
|---|---|---|
| committer | Roberto Ierusalimschy <roberto@inf.puc-rio.br> | 2025-07-18 16:18:30 -0300 |
| commit | 303f4155593721dfd57dadc6e56122e465ce9efb (patch) | |
| tree | 2b723c2d744a53f96b0f067e5a39a15a7f9259ad /lobject.c | |
| parent | ccb8b307f11c7497e61f617b12f3a7f0a697256c (diff) | |
Randomness added to table length computation
A bad actor could fill only a few entries in a table (powers of two in
decreasing order, see tests) and produce a small table with a huge
length. If your program builds a table with external data and iterates
over its length, this behavior could be an issue.
Diffstat (limited to '')
| -rw-r--r-- | lobject.c | 3 |
1 files changed, 2 insertions, 1 deletions
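--- a/lobject.c
+++ b/lobject.c
@@ -31,7 +31,8 @@
 
 
 /*
-** Computes ceil(log2(x))
+** Computes ceil(log2(x)), which is the smallest integer n such that
+** x <= (1 << n).
 */
 lu_byte luaO_ceillog2 (unsigned int x) {
 static const lu_byte log_2[256] = { /* log_2[i - 1] = ceil(log2(i)) */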
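Review bot: The rewritten comment on luaO_ceillog2 defines the result as the smallest n with `x <= (1 << n)` but leaves the argument's domain unstated, and that definition is only unambiguous for x >= 1. For x == 0 the formula read literally gives n = 0 while ceil(log2(0)) is undefined, and for x above 2^31 the required n is 32, which `1 << n` cannot express as a C int expression. The function body runs past the end of this hunk, so what the code returns at those edges cannot be checked here. Since the commit message ties this work to tables built from external data, I would pin the contract down with one more comment line such as `** Assumes x > 0; (1 << n) is meant mathematically, as 2^n.` after confirming it against the body.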
