Arithmetic overflow in luaL_checkstack
[
Date Prev][
Date Next][
Thread Prev][
Thread Next]
[
Date Index]
[
Thread Index]
- Subject: Arithmetic overflow in luaL_checkstack
- From: William Ahern <william@...>
- Date: Wed, 6 Jan 2016 23:42:45 -0800
Here's a patch (attached and inline) against Lua 5.3.2 to avoid arithmetic
overflow in luaL_checkstack.
I used INT_MAX because the primary concern was arithmetic overflow of an int
type. But s/INT_MAX/LUAI_MAXSTACK/ would remove the <limits.h> dependency.
--- src/lauxlib.c.dist 2016年01月07日 15:13:03.000000000 +0800
+++ src/lauxlib.c 2016年01月07日 15:16:21.000000000 +0800
@@ -11,6 +11,7 @@
#include <errno.h>
+#include <limits.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
@@ -352,7 +353,7 @@
LUALIB_API void luaL_checkstack (lua_State *L, int space, const char *msg) {
/* keep some extra space to run error routines, if needed */
const int extra = LUA_MINSTACK;
- if (!lua_checkstack(L, space + extra)) {
+ if (INT_MAX - extra < space || !lua_checkstack(L, space + extra)) {
if (msg)
luaL_error(L, "stack overflow (%s)", msg);
else
--- src/lauxlib.c.dist 2016年01月07日 15:13:03.000000000 +0800
+++ src/lauxlib.c 2016年01月07日 15:16:21.000000000 +0800
@@ -11,6 +11,7 @@
#include <errno.h>
+#include <limits.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
@@ -352,7 +353,7 @@
LUALIB_API void luaL_checkstack (lua_State *L, int space, const char *msg) {
/* keep some extra space to run error routines, if needed */
const int extra = LUA_MINSTACK;
- if (!lua_checkstack(L, space + extra)) {
+ if (INT_MAX - extra < space || !lua_checkstack(L, space + extra)) {
if (msg)
luaL_error(L, "stack overflow (%s)", msg);
else