In luaD_callnoyield, when there is a possible stack overflow, it
zeros the number of CallInfos to force a check when calling the
function. However, if the "function" is not a function, the code will
raise an error before checking the stack. Then, the error handling calls
luaD_callnoyield again and nCcalls is decremented again, crossing the
stack redzone without raising an error. (This loop can only happens
once, because the error handler must be a function. But once is enough
to cross the redzone.)
The field 'L->oldpc' is not always updated when control returns to a
function; an invalid value can seg. fault when computing 'changedline'.
(One example is an error in a finalizer; control can return to
'luaV_execute' without executing 'luaD_poscall'.) Instead of trying to
fix all possible corner cases, it seems safer to be resilient to invalid
values for 'oldpc'. Valid but wrong values at most cause an extra call
to a line hook.
When entering a coroutine, the computation of nCcalls added 'from->nci'
to correct for preallocated CallInfos, but 'nci' includes also the
Callinfos already used.
When an object aged OLD1 is finalized, it is moved from the list
'finobj' to the *beginning* of the list 'allgc'. So, this part of the
list (and not only the survival list) must be visited by 'markold'.
Macro HARDMEMTESTS broke in two: HARDMEMTESTS forces a full GC cycle
at every point where the GC can run. New macro EMERGENCYGCTESTS
forces an emergency collection at every memory allocation.
Errors in finalizers need a valid 'pc' to produce an error message,
even if the error is not propagated. Therefore, calls to the GC (which
may call finalizers) inside luaV_execute must save the 'pc'.
Macro 'checkstackGC' was doing a GC step after resizing the stack;
the GC could shrink the stack and undo the resize. Moreover, macro
'checkstackp' also does a GC step, which could remove the preallocated
CallInfo when calling a function. (Its name has been changed to
'checkstackGCp' to emphasize that it calls the GC.)
Allow memory errors to be raised through the API (throwing the
error with the memory error message); error in external allocations
raises a memory error; memory errors in coroutines are re-raised
as memory errors.
To allow their use in memory tests, some functions in 'ltests.c'
should never allocate memory. To avoid this allocation, the
library registers the strings used for status codes, and keeps
the variable '_WARN' always defined (with false instead of nil).
In 'lundump.c', when loading the upvalues of a function, there can be
a read error if the chunk is truncated. In that case, the creation
of the error message can trigger an emergency collection while the
prototype is still anchored. So, the prototype must be GC consistent
before loading the upvales, which implies that it the 'name' fields
must be filled with NULL before the reading.
'lua_resetthread' should reset the CallInfo list before calling
'luaF_close'. luaF_close can call functions, and those functions
should not run with dead functions still in the CallInfo list.
Avoid undefined behavior in calls like «fprintf("%s", NULL)».
('lua_writestringerror' is implemented as 'fprintf', and 'lua_tostring'
can return NULL if object is not a string.)
The parser were mixing compiler indices of variables with stack indices,
so that when a to-be-closed variable was used inside the scope of
compile-time constants (which may be optimized away), it might be closed
in the wrong place. (See new tests for examples.)
Besides fixing the bugs, this commit also changed comments and variable
names to avoid that kind of confusion and added tests.
- more consistent nomenclature for error handling
- more precise definition for dead objects
- added algorithm used by 'math.random'
- added luaL_pushfail
- some other minor changes
ISO C is silent about the return of 'system'. Windows sets 'errno' in
case of errors. Linux has several different error cases, with different
return values. ISO C allows 'system' to set 'errno' even if there are no
errors. Here we assume that a status==0 is success (which is the case
on several platforms), otherwise it is an error. If there is an error
number, gives the error based on it. (The worst a spurious 'errno'
can do is to generate a bad error message.) Otherwise uses the normal
results.
(Undoing part of commit f53eabeed8.) It is better to keep this encoding
stable, so that all Lua versions can read at least the version of a
binary file.
gcc now warns (with -Wextra) about casts between pointers to different
function types. The type 'void(*)(void)' works as a 'void*' for function
pointers, cleaning the warning.
The code should not compute an instruction address before checking that
it exists. (Virtually no machine complains of computing an invalid
address, as long as the address is not used, but for ISO C that is
undefined behavior.)
'simplesect' encloses the introductory text of sections with
subsections, so that each section either is all text or is all
subsections. (This commit also corrects a small brace error in the
manual and extra spaces/tabs in some other files.)
Collisions in short strings occurr just by their existence, when
internalizing them. (Collisions in long strings is caused/controlled
by the program, when adding them as keys to the same table.)
This function was computing invalid instruction addresses when the
expression was not a multi-return instruction. (Virtually all machines
don't raise errors when computing an invalid address, as long as the
address is not accessed, but this computation is undefined behavior in
ISO C.)