authorRoberto Ierusalimschy <roberto@inf.puc-rio.br>2018-06-01 13:45:58 -0300
committerRoberto Ierusalimschy <roberto@inf.puc-rio.br>2018-06-01 13:45:58 -0300
commitb3970649550fe8471c55bfae57aa3752ddfa97a9 (patch)
tree221cd96ca2d20a952c8b8c02fa3e51fa6834ba6c /lundump.c
parent34aa0c5bd7493b6e01983df28f04af46a3d99967 (diff)
avoid crashes when loading tampered code with NULL as a string constant
Diffstat (limited to 'lundump.c')
-rw-r--r--lundump.c26
1 files changed, 20 insertions, 6 deletions
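diff --git a/lundump.c b/lundump.c
index 25ab102d..64b64362 100644
--- a/lundump.c
+++ b/lundump.c
@@ -1,5 +1,5 @@
 /*
-** $Id: lundump.c,v 2.48 2017/11/28 11:19:07 roberto Exp roberto $
+** $Id: lundump.c,v 2.49 2017/12/07 18:59:52 roberto Exp roberto $
 ** load precompiled Lua chunks
 ** See Copyright Notice in lua.h
 */
@@ -36,7 +36,7 @@ typedef struct {
 } LoadState;
 
 
-static l_noret error(LoadState *S, const char *why) {
+static l_noret error (LoadState *S, const char *why) {
  luaO_pushfstring(S->L, "%s: %s precompiled chunk", S->name, why);
  luaD_throw(S->L, LUA_ERRSYNTAX);
 }
@@ -95,7 +95,10 @@ static lua_Integer LoadInteger (LoadState *S) {
 }
 
 
-static TString *LoadString (LoadState *S) {
+/*
+** Load a nullable string
+*/
+static TString *LoadStringN (LoadState *S) {
  size_t size = LoadSize(S);
  if (size == 0)
  return NULL;
@@ -112,6 +115,17 @@ static TString *LoadString (LoadState *S) {
 }
 
 
+/*
+** Load a non-nullable string.
+*/
+static TString *LoadString (LoadState *S) {
+ TString *st = LoadStringN(S);
+ if (st == NULL)
+ error(S, "bad format for constant string");
+ return st;
+}
+
+
 static void LoadCode (LoadState *S, Proto *f) {
  int n = LoadInt(S);
  f->code = luaM_newvectorchecked(S->L, n, Instruction);
@@ -203,18 +217,18 @@ static void LoadDebug (LoadState *S, Proto *f) {
  for (i = 0; i < n; i++)
  f->locvars[i].varname = NULL;
  for (i = 0; i < n; i++) {
- f->locvars[i].varname = LoadString(S);
+ f->locvars[i].varname = LoadStringN(S);
  f->locvars[i].startpc = LoadInt(S);
  f->locvars[i].endpc = LoadInt(S);
  }
  n = LoadInt(S);
  for (i = 0; i < n; i++)
- f->upvalues[i].name = LoadString(S);
+ f->upvalues[i].name = LoadStringN(S);
 }
 
 
 static void LoadFunction (LoadState *S, Proto *f, TString *psource) {
- f->source = LoadString(S);
+ f->source = LoadStringN(S);
  if (f->source == NULL) /* no source in dump? */
  f->source = psource; /* reuse parent's source */
  f->linedefined = LoadInt(S);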
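Review bot: The two `LoadStringN` calls in LoadDebug still store NULL into `f->locvars[i].varname` and `f->upvalues[i].name` when a chunk declares a non-zero count but encodes a name with size 0, so the NULL-string hazard this commit closes for constants remains for debug names unless every reader of those fields checks for NULL. Those readers are outside the visible hunks, so this needs confirming and is not a known crash. If NULL is intended there, say so at the call sites, e.g. `/* name may be NULL in a crafted dump; readers must check */`, and extend the `LoadStringN` header comment to state that it returns NULL when the stored size is 0. Separately, the new message goes through `error`'s `"%s: %s precompiled chunk"` template and will read "bad format for constant string precompiled chunk"; a `why` that fits the template would be clearer. LoadDebug and LoadFunction both extend beyond the hunk.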