From c1dc08e8e8e22af9902a6341b4a9a9a7811954cc Mon Sep 17 00:00:00 2001
From: Roberto Ierusalimschy
Date: Mon, 24 Jun 2024 12:03:59 -0300
Subject: [PATCH] Length of external strings must fit in Lua integer

(As the length of any string in Lua.)
---
 lapi.c | 1 +
 lauxlib.c | 8 +++++---
 lundump.c | 2 +-
 manual/manual.of | 2 ++
 4 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/lapi.c b/lapi.c
index 2b14c15e..f00bd53f 100644
--- a/lapi.c
+++ b/lapi.c
@@ -551,6 +551,7 @@ LUA_API const char *lua_pushextlstring (lua_State *L,
 const char *s, size_t len, lua_Alloc falloc, void *ud) {
 TString *ts;
 lua_lock(L);
+ api_check(L, len <= MAX_SIZE, "string too large");
 api_check(L, s[len] == '\0', "string not ending with zero");
 ts = luaS_newextlstr (L, s, len, falloc, ud);
 setsvalue2s(L, L->top.p, ts);
diff --git a/lauxlib.c b/lauxlib.c
index 99a63092..5aeec55f 100644
--- a/lauxlib.c
+++ b/lauxlib.c
@@ -538,10 +538,12 @@ static void newbox (lua_State *L) {
 */
 static size_t newbuffsize (luaL_Buffer *B, size_t sz) {
 size_t newsize = (B->size / 2) * 3; /* buffer size * 1.5 */
- if (l_unlikely(MAX_SIZET - sz - 1 < B->n)) /* overflow in (B->n + sz + 1)? */
- return luaL_error(B->L, "buffer too large");
- if (newsize < B->n + sz + 1) /* not big enough? */
+ if (l_unlikely(sz > MAX_SIZE - B->n - 1))
+ return luaL_error(B->L, "resulting string too large");
+ if (newsize < B->n + sz + 1 || newsize > MAX_SIZE) {
+ /* newsize was not big enough or too big */
 newsize = B->n + sz + 1;
+ }
 return newsize;
 }
diff --git a/lundump.c b/lundump.c
index 51d5dc66..b5dbaec9 100644
--- a/lundump.c
+++ b/lundump.c
@@ -109,7 +109,7 @@ static size_t loadVarint (LoadState *S, size_t limit) {
 static size_t loadSize (LoadState *S) {
- return loadVarint(S, MAX_SIZET);
+ return loadVarint(S, MAX_SIZE);
 }
diff --git a/manual/manual.of b/manual/manual.of
index 774981c4..56619afe 100644
--- a/manual/manual.of
+++ b/manual/manual.of
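Review bot: The new length bound in lua_pushextlstring is written with `api_check`, so it is enforced only in builds where API checking is enabled; the macro is defined outside this hunk, and in a stock build it presumably reduces to an assertion that is compiled out. A host program that takes `len` from untrusted data therefore still has to validate it before the call, and the same applies to the `s[len] == '\0'` check on the following line. I would say so in a comment above the added line, e.g. `/* preconditions, verified only when API checks are on: len fits in a Lua integer, s[len] is '\0' */`. The function body continues past the end of the hunk.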
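Review bot: The rewritten guard `sz > MAX_SIZE - B->n - 1` in newbuffsize is sound only while `B->n < MAX_SIZE`; if `B->n` ever reached `MAX_SIZE`, the unsigned subtraction would wrap to a huge value and the check would pass. The invariant presumably holds because buffer growth goes through this function, but `B->n` is also updated outside the hunk, and the explanatory comment the old line carried was dropped. I would restore it in the new form, e.g. `/* (B->n + sz + 1) > MAX_SIZE? subtraction avoids overflow; assumes B->n < MAX_SIZE */`.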
@@ -3942,6 +3942,8 @@ holding the string content,
 and @id{len} is the length of the string.
 The string should have a zero at its end,
 that is, the condition @T{s[len] == '\0'} should hold.
+As with any string in Lua,
+the length must fit in a Lua integer.
 If @id{falloc} is different from @id{NULL},
 that function will be called by Lua