From 303f4155593721dfd57dadc6e56122e465ce9efb Mon Sep 17 00:00:00 2001 From: Roberto Ierusalimschy Date: Fri, 18 Jul 2025 16:18:30 -0300 Subject: Randomness added to table length computation A bad actor could fill only a few entries in a table (power of twos in decreasing order, see tests) and produce a small table with a huge length. If your program builds a table with external data and iterates over its length, this behavior could be an issue. --- lapi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lapi.c') diff --git a/lapi.c b/lapi.c index 71405a25..0c88751a 100644 --- a/lapi.c +++ b/lapi.c @@ -440,7 +440,7 @@ LUA_API lua_Unsigned lua_rawlen (lua_State *L, int idx) { case LUA_VSHRSTR: return cast(lua_Unsigned, tsvalue(o)->shrlen); case LUA_VLNGSTR: return cast(lua_Unsigned, tsvalue(o)->u.lnglen); case LUA_VUSERDATA: return cast(lua_Unsigned, uvalue(o)->len); - case LUA_VTABLE: return luaH_getn(hvalue(o)); + case LUA_VTABLE: return luaH_getn(L, hvalue(o)); default: return 0; } } -- cgit v1.2.3-55-g6feb