using explicit tests for allocation overflow whenever possible

author: Roberto Ierusalimschy <roberto@inf.puc-rio.br> 2017-12-07 16:59:52 -0200
committer: Roberto Ierusalimschy <roberto@inf.puc-rio.br> 2017-12-07 16:59:52 -0200
commit: 76223730332cbda5d47c09f019ce721b91bd5be2 (patch)
tree: 375c159891df5faf827dde4175ce42b7aa503194 /ltable.c
parent: 46bc7f2bf7cf7f48c354fde6b9571b795bdd5b4d (diff)
download: lua-76223730332cbda5d47c09f019ce721b91bd5be2.tar.gz
lua-76223730332cbda5d47c09f019ce721b91bd5be2.tar.bz2
lua-76223730332cbda5d47c09f019ce721b91bd5be2.zip
1 files changed, 29 insertions, 9 deletions
diff --git a/ltable.c b/ltable.c
index 54799c21..d1345009 100644
--- a/ltable.c
+++ b/ltable.c
@@ -1,5 +1,5 @@
 /*
-** $Id: ltable.c,v 2.126 2017/11/08 14:50:23 roberto Exp roberto $
+** $Id: ltable.c,v 2.127 2017/11/23 19:29:04 roberto Exp roberto $
 ** Lua tables (hash)
 ** See Copyright Notice in lua.h
 */
@@ -40,21 +40,34 @@
 /*
-** Maximum size of array part (MAXASIZE) is 2^MAXABITS. MAXABITS is
+** MAXABITS is the largest integer such that MAXASIZE fits in an
-** the largest integer such that MAXASIZE fits in an unsigned int.
+** unsigned int.
 */
 #define MAXABITS        cast_int(sizeof(int) * CHAR_BIT - 1)
-#define MAXASIZE        (1u << MAXABITS)
 /*
-** Maximum size of hash part is 2^MAXHBITS. MAXHBITS is the largest
+** MAXASIZE is the maximum size of the array part. It is the minimum
-** integer such that 2^MAXHBITS fits in a signed int. (Note that the
+** between 2^MAXABITS and the maximum size such that, measured in bytes,
-** maximum number of elements in a table, 2^MAXABITS + 2^MAXHBITS, still
+** it fits in a 'size_t'.
-** fits comfortably in an unsigned int.)
+*/
+#define MAXASIZE        luaM_limitN(1u << MAXABITS, TValue)
+/*
+** MAXHBITS is the largest integer such that 2^MAXHBITS fits in a
+** signed int.
 */
 #define MAXHBITS        (MAXABITS - 1)
+/*
+** MAXHSIZE is the maximum size of the hash part. It is the minimum
+** between 2^MAXHBITS and the maximum size such that, measured in bytes,
+** it fits in a 'size_t'.
+*/
+#define MAXHSIZE        luaM_limitN(1u << MAXHBITS, Node)
 #define hashpow2(t,n)           (gnode(t, lmod((n), sizenode(t))))
 #define hashstr(t,str)          hashpow2(t, (str)->hash)
@@ -353,6 +366,13 @@ static void setarrayvector (lua_State *L, Table *t, unsigned int size) {
 }
+/*
+** Creates an array for the hash part of a table with the given
+** size, or reuses the dummy node if size is zero.
+** The computation for size overflow is in two steps: the first
+** comparison ensures that the shift in the second one does not
+** overflow.
+*/
 static void setnodevector (lua_State *L, Table *t, unsigned int size) {
  if (size == 0) {  /* no elements to hash part? */
    t->node = cast(Node *, dummynode);  /* use common 'dummynode' */
@@ -362,7 +382,7 @@ static void setnodevector (lua_State *L, Table *t, unsigned int size) {
  else {
    int i;
    int lsize = luaO_ceillog2(size);
-    if (lsize > MAXHBITS)
+    if (lsize > MAXHBITS || (1u << lsize) > MAXHSIZE)
      luaG_runerror(L, "table overflow");
    size = twoto(lsize);
    t->node = luaM_newvector(L, size, Node);
author	Roberto Ierusalimschy <roberto@inf.puc-rio.br>	2017-12-07 16:59:52 -0200
committer	Roberto Ierusalimschy <roberto@inf.puc-rio.br>	2017-12-07 16:59:52 -0200
commit	76223730332cbda5d47c09f019ce721b91bd5be2 (patch)
tree	375c159891df5faf827dde4175ce42b7aa503194 /ltable.c
parent	46bc7f2bf7cf7f48c354fde6b9571b795bdd5b4d (diff)
download	lua-76223730332cbda5d47c09f019ce721b91bd5be2.tar.gz lua-76223730332cbda5d47c09f019ce721b91bd5be2.tar.bz2 lua-76223730332cbda5d47c09f019ce721b91bd5be2.zip

diff --git a/ltable.c b/ltable.c index 54799c21..d1345009 100644 --- a/ltable.c +++ b/ltable.c
@@ -1,5 +1,5 @@
1	/*	1	/*
2	** $Id: ltable.c,v 2.126 2017/11/08 14:50:23 roberto Exp roberto $	2	** $Id: ltable.c,v 2.127 2017/11/23 19:29:04 roberto Exp roberto $
3	** Lua tables (hash)	3	** Lua tables (hash)
4	** See Copyright Notice in lua.h	4	** See Copyright Notice in lua.h
5	*/	5	*/
@@ -40,21 +40,34 @@
40		40
41		41
42	/*	42	/*
43	** Maximum size of array part (MAXASIZE) is 2^MAXABITS. MAXABITS is	43	** MAXABITS is the largest integer such that MAXASIZE fits in an
44	** the largest integer such that MAXASIZE fits in an unsigned int.	44	** unsigned int.
45	*/	45	*/
46	#define MAXABITS cast_int(sizeof(int) * CHAR_BIT - 1)	46	#define MAXABITS cast_int(sizeof(int) * CHAR_BIT - 1)
47	#define MAXASIZE (1u << MAXABITS)	47
48		48
49	/*	49	/*
50	** Maximum size of hash part is 2^MAXHBITS. MAXHBITS is the largest	50	** MAXASIZE is the maximum size of the array part. It is the minimum
51	** integer such that 2^MAXHBITS fits in a signed int. (Note that the	51	** between 2^MAXABITS and the maximum size such that, measured in bytes,
52	** maximum number of elements in a table, 2^MAXABITS + 2^MAXHBITS, still	52	** it fits in a 'size_t'.
53	** fits comfortably in an unsigned int.)	53	*/
		54	#define MAXASIZE luaM_limitN(1u << MAXABITS, TValue)
		55
		56	/*
		57	** MAXHBITS is the largest integer such that 2^MAXHBITS fits in a
		58	** signed int.
54	*/	59	*/
55	#define MAXHBITS (MAXABITS - 1)	60	#define MAXHBITS (MAXABITS - 1)
56		61
57		62
		63	/*
		64	** MAXHSIZE is the maximum size of the hash part. It is the minimum
		65	** between 2^MAXHBITS and the maximum size such that, measured in bytes,
		66	** it fits in a 'size_t'.
		67	*/
		68	#define MAXHSIZE luaM_limitN(1u << MAXHBITS, Node)
		69
		70
58	#define hashpow2(t,n) (gnode(t, lmod((n), sizenode(t))))	71	#define hashpow2(t,n) (gnode(t, lmod((n), sizenode(t))))
59		72
60	#define hashstr(t,str) hashpow2(t, (str)->hash)	73	#define hashstr(t,str) hashpow2(t, (str)->hash)
@@ -353,6 +366,13 @@ static void setarrayvector (lua_State L, Table t, unsigned int size) {
353	}	366	}
354		367
355		368
		369	/*
		370	** Creates an array for the hash part of a table with the given
		371	** size, or reuses the dummy node if size is zero.
		372	** The computation for size overflow is in two steps: the first
		373	** comparison ensures that the shift in the second one does not
		374	** overflow.
		375	*/
356	static void setnodevector (lua_State L, Table t, unsigned int size) {	376	static void setnodevector (lua_State L, Table t, unsigned int size) {
357	if (size == 0) { /* no elements to hash part? */	377	if (size == 0) { /* no elements to hash part? */
358	t->node = cast(Node , dummynode); / use common 'dummynode' */	378	t->node = cast(Node , dummynode); / use common 'dummynode' */
@@ -362,7 +382,7 @@ static void setnodevector (lua_State L, Table t, unsigned int size) {
362	else {	382	else {
363	int i;	383	int i;
364	int lsize = luaO_ceillog2(size);	384	int lsize = luaO_ceillog2(size);
365	if (lsize > MAXHBITS)	385	if (lsize > MAXHBITS \|\| (1u << lsize) > MAXHSIZE)
366	luaG_runerror(L, "table overflow");	386	luaG_runerror(L, "table overflow");
367	size = twoto(lsize);	387	size = twoto(lsize);
368	t->node = luaM_newvector(L, size, Node);	388	t->node = luaM_newvector(L, size, Node);