Re: Heap overflow in luaH_get

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: Heap overflow in luaH_get
From: 云风 Cloud Wu <cloudwu@...>
Date: 2020年7月10日 12:52:46 +0800

Roberto Ierusalimschy <roberto@inf.puc-rio.br> 于2020年7月9日周四 下午10:02写道：
>
> Exactly! I guess the correction is moving its age back to OLD0, but
> I have to check that. Similar problems should occurr with other ages.
I make a simpler test case to reveal this bug. It always crashs when I
define a especial allocater for lua .
It may be helpful.
setmetatable ({}, { __gc = function(a) -- 1st finalizer
 setmetatable(a, { __gc = function (b) -- 2nd finalizer
 print(getmetatable(b))
 print(getmetatable(b).x) -- should be 42
 collectgarbage "step"
 collectgarbage "step"
 print(getmetatable(b))
 print(getmetatable(b).x) -- may crash !! use 2nd metatable after free
 end,
 x = 42,
 })
 a = nil
 collectgarbage "step" -- trigger 2nd finalizer
end })
collectgarbage "step" -- trigger 1st finalizer
-- 
http://blog.codingnow.com

Follow-Ups:
- Re: Heap overflow in luaH_get, Dibyendu Majumdar

References:
- Heap overflow in luaH_get, Yongheng Chen
- Re: Heap overflow in luaH_get, Andrew Gierth
- Re: Heap overflow in luaH_get, Roberto Ierusalimschy

Prev by Date: Re: New param in lua_resume in Lua 5.4
Next by Date: Re: Heap overflow in luaH_get
Previous by thread: Re: Heap overflow in luaH_get
Next by thread: Re: Heap overflow in luaH_get
Index(es):
- Date
- Thread