From e752d84ed8250820aa3f6a097e008de6c2ec8322 Mon Sep 17 00:00:00 2001
From: Roberto Ierusalimschy
Date: Wed, 13 Dec 2017 16:35:03 -0200
Subject: [PATCH] bug: memory-allocation error when resizing a table can leave it in an inconsistent state.
---
 bugs | 29 +++++++++++++++++++++++++++--
 1 file changed, 27 insertions(+), 2 deletions(-)
diff --git a/bugs b/bugs
index bd4b313c..d796facb 100644
--- a/bugs
+++ b/bugs
@@ -3680,9 +3680,9 @@ It needs an "interceptor" 'memcmp' function that continues
 reading memory after a difference is found.]],
 patch = [[
 2c2
-< ** $Id: bugs,v 1.157 2017/08/31 16:14:41 roberto Exp roberto $
+< ** $Id: bugs,v 1.158 2017/12/06 18:20:28 roberto Exp roberto $
 ---
-> ** $Id: bugs,v 1.157 2017/08/31 16:14:41 roberto Exp roberto $
+> ** $Id: bugs,v 1.158 2017/12/06 18:20:28 roberto Exp roberto $
 263c263,264
 < for (option = LUA_STRFTIMEOPTIONS; *option != '\0'; option += oplen) {
 ---
@@ -3904,6 +3904,31 @@ patch = [[
 }
+Bug{
+what = [[memory-allocation error when resizing a table can leave it
+in an inconsistent state.]],
+report = [[Roberto, 2017/12/08]],
+since = [[5.0]],
+fix = nil,
+example = [[
+local a = {x = 1, y = 1, z = 1}
+a[1] = 10 -- goes to the hash part (which has 4 slots)
+print(a[1]) --> 10
+
+-- assume that the 2nd memory allocation from now fails
+pcall(rawset, a, 2, 20) -- forces a rehash
+
+-- a[1] now exists both in the array part (because the array part
+-- grew) and in the hash part (because the allocation of the hash
+-- part failed, keeping it as it was).
+-- This makes the following traversal goes forever...
+for k,v in pairs(a) do print(k,v) end
+]],
+patch = [[
+]]
+}
+
+
 --[=[