From a546138d158d79d44b2c5b42630be00d306f4e7c Mon Sep 17 00:00:00 2001
From: Roberto Ierusalimschy <roberto@inf.puc-rio.br>
Date: Thu, 18 Jul 2024 14:44:40 -0300
Subject: Explicit limit for number of results in a call

The parameter 'nresults' in 'lua_call' and similar functions has a
limit of 250. It already had an undocumented (and unchecked) limit of
SHRT_MAX, but it is seldom larger than 2.
---
 lcode.c | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'lcode.c')

diff --git a/lcode.c b/lcode.c
index c1fce37f..0799306e 100644
--- a/lcode.c
+++ b/lcode.c
@@ -724,6 +724,8 @@ static void const2exp (TValue *v, expdesc *e) {
 */
 void luaK_setreturns (FuncState *fs, expdesc *e, int nresults) {
   Instruction *pc = &getinstruction(fs, e);
+  if (nresults + 1 > MAXARG_C)
+    luaX_syntaxerror(fs->ls, "too many multiple results");
   if (e->k == VCALL)  /* expression is an open function call? */
     SETARG_C(*pc, nresults + 1);
   else {
-- 
cgit v1.2.3-55-g6feb