From 64066359dda2a0920d307e901185faf78cc32b97 Mon Sep 17 00:00:00 2001
From: Roberto Ierusalimschy
Date: Mon, 25 Aug 2003 16:49:47 -0300
Subject: bug: IBM AS400 (OS400) has sizeof(void *)==16, and a `%p' may generate up to 60 characters in a `printf'. That causes a buffer overflow in `tostring'..
---
 lbaselib.c | 27 +++++++++++++++++----------
 1 file changed, 17 insertions(+), 10 deletions(-)
(limited to 'lbaselib.c')
diff --git a/lbaselib.c b/lbaselib.c
index 4c761bbf..fd5c7428 100644
--- a/lbaselib.c
+++ b/lbaselib.c
@@ -1,5 +1,5 @@
 /*
-** $Id: lbaselib.c,v 1.130 2003/04/03 13:35:34 roberto Exp roberto $
+** $Id: lbaselib.c,v 1.131 2003/05/16 18:59:08 roberto Exp roberto $
 ** Basic library
 ** See Copyright Notice in lua.h
 */
@@ -324,7 +324,9 @@ static int luaB_xpcall (lua_State *L) {
 static int luaB_tostring (lua_State *L) {
- char buff[64];
+ char buff[4*sizeof(void *) + 2]; /* enough space for a `%p' */
+ const char *tn = "";
+ const void *p = NULL;
 luaL_checkany(L, 1);
 if (luaL_callmeta(L, 1, "__tostring")) /* is there a metafield? */
 return 1; /* use its value */
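Review bot: The new size of `buff`, `4*sizeof(void *) + 2`, rests on an assumption about how long `%p` output can be, which is implementation-defined, and the write that depends on it (`sprintf(buff, "%p", p);` in the following hunk) is still unbounded. The comment on the declaration does not say where the factor 4 comes from; `/* assumes %p prints at most 4 chars per pointer byte */` would let someone porting to a new platform check the bound against their C library. If the project's C baseline permits it (not visible here), `snprintf(buff, sizeof(buff), "%p", p);` would turn a wrong estimate into truncation instead of a stack overwrite. The body of luaB_tostring continues past the end of this hunk.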
@@ -338,24 +340,29 @@ static int luaB_tostring (lua_State *L) {
 case LUA_TBOOLEAN:
 lua_pushstring(L, (lua_toboolean(L, 1) ? "true" : "false"));
 return 1;
+ case LUA_TNIL:
+ lua_pushliteral(L, "nil");
+ return 1;
 case LUA_TTABLE:
- sprintf(buff, "table: %p", lua_topointer(L, 1));
+ p = lua_topointer(L, 1);
+ tn = "table";
 break;
 case LUA_TFUNCTION:
- sprintf(buff, "function: %p", lua_topointer(L, 1));
+ p = lua_topointer(L, 1);
+ tn = "function";
 break;
 case LUA_TUSERDATA:
 case LUA_TLIGHTUSERDATA:
- sprintf(buff, "userdata: %p", lua_touserdata(L, 1));
+ p = lua_touserdata(L, 1);
+ tn = "userdata";
 break;
 case LUA_TTHREAD:
- sprintf(buff, "thread: %p", (void *)lua_tothread(L, 1));
+ p = lua_tothread(L, 1);
+ tn = "thread";
 break;
- case LUA_TNIL:
- lua_pushliteral(L, "nil");
- return 1;
 }
- lua_pushstring(L, buff);
+ sprintf(buff, "%p", p);
+ lua_pushfstring(L, "%s: %s", tn, buff);
 return 1;
 }
-- cgit v1.2.3-55-g6feb
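Review bot: Any type tag that matches no `case` now reaches the shared tail with `tn` still `""` and `p` still `NULL`, so the function would return a string beginning with `: ` instead of failing visibly. No `default:` appears in the visible part of the switch, and its head and earlier cases lie outside this hunk, so whether that path is reachable cannot be confirmed from here. A one-line comment above `sprintf(buff, "%p", p);`, such as `/* only table, function, userdata and thread reach here */`, would record the invariant the tail relies on. An explicit `default:` branch would make a future type tag stand out rather than format a null pointer.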