bug: GC metamethod calls could mess C/Lua stack syncronization

author: Roberto Ierusalimschy <roberto@inf.puc-rio.br> 2003-02-28 16:45:15 -0300
committer: Roberto Ierusalimschy <roberto@inf.puc-rio.br> 2003-02-28 16:45:15 -0300
commit: 69dd9461e5aeb98fe9bbc71f1e81859d03ec8a34 (patch)
tree: d9505d7a0e89940c55ff0a1fd3c13311b9084197 /lvm.c
parent: 6b6bc532a4f5e335540e6f19914cfe8435d064ed (diff)
download: lua-69dd9461e5aeb98fe9bbc71f1e81859d03ec8a34.tar.gz
lua-69dd9461e5aeb98fe9bbc71f1e81859d03ec8a34.tar.bz2
lua-69dd9461e5aeb98fe9bbc71f1e81859d03ec8a34.zip
1 files changed, 17 insertions, 6 deletions
diff --git a/lvm.c b/lvm.c
index f999fae4..1a3054f8 100644
--- a/lvm.c
+++ b/lvm.c
@@ -1,5 +1,5 @@
 /*
-** $Id: lvm.c,v 1.277 2003/02/27 11:52:30 roberto Exp roberto $
+** $Id: lvm.c,v 1.278 2003/02/27 12:33:07 roberto Exp roberto $
 ** Lua virtual machine
 ** See Copyright Notice in lua.h
 */
@@ -393,15 +393,21 @@ static void Arith (lua_State *L, StkId ra,
 #define dojump(pc, i)   ((pc) += (i))
+unsigned int count = 0;
 StkId luaV_execute (lua_State *L) {
  LClosure *cl;
  TObject *k;
  const Instruction *pc;
+unsigned int ii, ic, ir, io;
+ii = count;
 callentry:  /* entry point when calling new functions */
+ic = count;
  L->ci->u.l.pc = &pc;
  if (L->hookmask & LUA_MASKCALL)
    luaD_callhook(L, LUA_HOOKCALL, -1);
 retentry:  /* entry point when returning to old functions */
+ir = count;
  lua_assert(L->ci->state == CI_SAVEDPC ||
             L->ci->state == (CI_SAVEDPC | CI_CALLING));
  L->ci->state = CI_HASFRAME;  /* activate frame */
@@ -412,6 +418,7 @@ StkId luaV_execute (lua_State *L) {
  for (;;) {
    const Instruction i = *pc++;
    StkId base, ra;
+count++;
    if ((L->hookmask & (LUA_MASKLINE | LUA_MASKCOUNT)) &&
        (--L->hookcount == 0 || L->hookmask & LUA_MASKLINE)) {
      traceexec(L);
@@ -658,20 +665,24 @@ StkId luaV_execute (lua_State *L) {
        break;
      }
      case OP_RETURN: {
-        CallInfo *ci = L->ci - 1;
+        CallInfo *ci = L->ci - 1;  /* previous function frame */
        int b = GETARG_B(i);
+io = count;
        if (b != 0) L->top = ra+b-1;
        lua_assert(L->ci->state & CI_HASFRAME);
        if (L->openupval) luaF_close(L, base);
        L->ci->state = CI_SAVEDPC;  /* deactivate current function */
        L->ci->u.l.savedpc = pc;
        /* previous function was running `here'? */
-        if (!(ci->state & CI_CALLING))
+        if (!(ci->state & CI_CALLING)) {
+          lua_assert((ci->state & CI_C) || ci->u.l.pc != &pc);
          return ra;  /* no: return */
-        else {  /* yes: continue its execution (go through) */
+        }
+        else {  /* yes: continue its execution */
          int nresults;
-          lua_assert(ttisfunction(ci->base - 1));
+          lua_assert(ci->u.l.pc == &pc &&
-          lua_assert(ci->state & CI_SAVEDPC);
+                     ttisfunction(ci->base - 1) &&
+                     (ci->state & CI_SAVEDPC));
          lua_assert(GET_OPCODE(*(ci->u.l.savedpc - 1)) == OP_CALL);
          nresults = GETARG_C(*(ci->u.l.savedpc - 1)) - 1;
          luaD_poscall(L, nresults, ra);
author	Roberto Ierusalimschy <roberto@inf.puc-rio.br>	2003-02-28 16:45:15 -0300
committer	Roberto Ierusalimschy <roberto@inf.puc-rio.br>	2003-02-28 16:45:15 -0300
commit	69dd9461e5aeb98fe9bbc71f1e81859d03ec8a34 (patch)
tree	d9505d7a0e89940c55ff0a1fd3c13311b9084197 /lvm.c
parent	6b6bc532a4f5e335540e6f19914cfe8435d064ed (diff)
download	lua-69dd9461e5aeb98fe9bbc71f1e81859d03ec8a34.tar.gz lua-69dd9461e5aeb98fe9bbc71f1e81859d03ec8a34.tar.bz2 lua-69dd9461e5aeb98fe9bbc71f1e81859d03ec8a34.zip