From 0c9bec0d38ed3d2c45d7be4e764a0bcffef98be1 Mon Sep 17 00:00:00 2001 From: Roberto Ierusalimschy Date: Wed, 7 Feb 2024 13:39:54 -0300 Subject: Better handling of size limit when resizing a table Avoid silent conversions from int to unsigned int when calling 'luaH_resize'; avoid silent conversions from lua_Integer to int in 'table.create'; MAXASIZE corrected for the new implementation of arrays; 'luaH_resize' checks explicitly whether new size respects MAXASIZE. (Even constructors were bypassing that check.) --- ltablib.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'ltablib.c') diff --git a/ltablib.c b/ltablib.c index c8838963..2ba31a4f 100644 --- a/ltablib.c +++ b/ltablib.c @@ -59,8 +59,10 @@ static void checktab (lua_State *L, int arg, int what) { static int tcreate (lua_State *L) { - int sizeseq = (int)luaL_checkinteger(L, 1); - int sizerest = (int)luaL_optinteger(L, 2, 0); + lua_Unsigned sizeseq = (lua_Unsigned)luaL_checkinteger(L, 1); + lua_Unsigned sizerest = (lua_Unsigned)luaL_optinteger(L, 2, 0); + luaL_argcheck(L, sizeseq <= UINT_MAX, 1, "out of range"); + luaL_argcheck(L, sizerest <= UINT_MAX, 2, "out of range"); lua_createtable(L, sizeseq, sizerest); return 1; } -- cgit v1.2.3-55-g6feb