diff options
| author | Roberto Ierusalimschy <roberto@inf.puc-rio.br> | 2023-03-17 15:52:09 -0300 |
|---|---|---|
| committer | Roberto Ierusalimschy <roberto@inf.puc-rio.br> | 2023-03-17 15:52:09 -0300 |
| commit | ab859fe59b464a038a45552921cb2b23892343af (patch) | |
| tree | c40223ce3f296c9d7e514b912931c093a8652c6a /lundump.c | |
| parent | c4b71b7ba0dee419b5bda1ec297eca8e42c9f1d2 (diff) | |
| download | lua-ab859fe59b464a038a45552921cb2b23892343af.tar.gz lua-ab859fe59b464a038a45552921cb2b23892343af.tar.bz2 lua-ab859fe59b464a038a45552921cb2b23892343af.zip | |
Bug: Loading a corrupted binary file can segfault
The size of the list of upvalue names are stored separated from the
size of the list of upvalues, but they share the same array.
Diffstat (limited to 'lundump.c')
| -rw-r--r-- | lundump.c | 2 |
1 files changed, 2 insertions, 0 deletions
| @@ -248,6 +248,8 @@ static void loadDebug (LoadState *S, Proto *f) { | |||
| 248 | f->locvars[i].endpc = loadInt(S); | 248 | f->locvars[i].endpc = loadInt(S); |
| 249 | } | 249 | } |
| 250 | n = loadInt(S); | 250 | n = loadInt(S); |
| 251 | if (n != 0) /* does it have debug information? */ | ||
| 252 | n = f->sizeupvalues; /* must be this many */ | ||
| 251 | for (i = 0; i < n; i++) | 253 | for (i = 0; i < n; i++) |
| 252 | f->upvalues[i].name = loadStringN(S, f); | 254 | f->upvalues[i].name = loadStringN(S, f); |
| 253 | } | 255 | } |