Re: Bug report : (lstring.c:210) (ts)->shrlen != 0xFF

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: Bug report : (lstring.c:210) (ts)->shrlen != 0xFF
From: Roberto Ierusalimschy <roberto@...>
Date: 2023年8月31日 09:32:11 -0300

> 31 августа 2023 г. 12:24:38 GMT+03:00, "云风 Cloud Wu" <cloudwu@gmail.com> пишет:
> >I updated lua source from https://github.com/lua/lua today, and my
> >project crashed.
> >
> >I found the TString is not initialized before getshrstr().
> >
> >https://github.com/lua/lua/blob/master/lstring.c#L209-L211
> >
> >I think it should be :
> >
> > ts = createstrobj(L, l, LUA_VSHRSTR, h);
> > ts->shrlen = cast_byte(l);
> > memcpy(getshrstr(ts), str, l * sizeof(char));
> >
> >The `ts->shrlen` should be initialized before memcpy().
>
> It was reported here
> https://marc.info/?l=lua-l&m=169289729129364&w=2
And, as far as we know, it shouldn't cause a crash, but only a failed
assert, if and only if asserts are on (which is not the default).
-- Roberto

Follow-Ups:
- Re: Bug report : (lstring.c:210) (ts)->shrlen != 0xFF, Sergey Bronnikov

References:
- Bug report : (lstring.c:210) (ts)->shrlen != 0xFF, 云风 Cloud Wu
- Re: Bug report : (lstring.c:210) (ts)->shrlen != 0xFF, Sergey Bronnikov

Prev by Date: Re: Bug report : (lstring.c:210) (ts)->shrlen != 0xFF
Next by Date: Re: Bug report : (lstring.c:210) (ts)->shrlen != 0xFF
Previous by thread: Re: Bug report : (lstring.c:210) (ts)->shrlen != 0xFF
Next by thread: Re: Bug report : (lstring.c:210) (ts)->shrlen != 0xFF
Index(es):
- Date
- Thread