Matej Cepl
435d079e12
- Added upstream-bugs.patch: upstream bug patches * Patches 2,3,4 - Added upstream-bugs-backport-lua54.patch: bugs discovered in lua54 * Patch 10: CVE-2020-24371, boo#1175449 * Patch 11: CVE-2020-24370, boo#1175448 * Patch 13 - Add RISC-V to list of 64-bit architectures OBS-URL: https://build.opensuse.org/request/show/827933 OBS-URL: https://build.opensuse.org/package/show/devel:languages:lua/lua53?expand=0&rev=34
254 lines
8.6 KiB
Diff
254 lines
8.6 KiB
Diff
--- a/src/lauxlib.c
|
|
+++ b/src/lauxlib.c
|
|
@@ -1011,8 +1011,13 @@ static void *l_alloc (void *ud, void *ptr, size_t osize, size_t nsize) {
|
|
free(ptr);
|
|
return NULL;
|
|
}
|
|
- else
|
|
- return realloc(ptr, nsize);
|
|
+ else { /* cannot fail when shrinking a block */
|
|
+ void *newptr = realloc(ptr, nsize);
|
|
+ if (newptr == NULL && ptr != NULL && nsize <= osize)
|
|
+ return ptr; /* keep the original block */
|
|
+ else /* no fail or not shrinking */
|
|
+ return newptr; /* use the new block */
|
|
+ }
|
|
}
|
|
|
|
|
|
--- a/src/llex.c
|
|
+++ b/src/llex.c
|
|
@@ -244,12 +244,12 @@ static int read_numeral (LexState *ls, SemInfo *seminfo) {
|
|
|
|
|
|
/*
|
|
-** skip a sequence '[=*[' or ']=*]'; if sequence is well formed, return
|
|
-** its number of '='s; otherwise, return a negative number (-1 iff there
|
|
-** are no '='s after initial bracket)
|
|
+** reads a sequence '[=*[' or ']=*]', leaving the last bracket.
|
|
+** If sequence is well formed, return its number of '='s + 2; otherwise,
|
|
+** return 1 if there is no '='s or 0 otherwise (an unfinished '[==...').
|
|
*/
|
|
-static int skip_sep (LexState *ls) {
|
|
- int count = 0;
|
|
+static size_t skip_sep (LexState *ls) {
|
|
+ size_t count = 0;
|
|
int s = ls->current;
|
|
lua_assert(s == '[' || s == ']');
|
|
save_and_next(ls);
|
|
@@ -257,11 +257,14 @@ static int skip_sep (LexState *ls) {
|
|
save_and_next(ls);
|
|
count++;
|
|
}
|
|
- return (ls->current == s) ? count : (-count) - 1;
|
|
+ return (ls->current == s) ? count + 2
|
|
+ : (count == 0) ? 1
|
|
+ : 0;
|
|
+
|
|
}
|
|
|
|
|
|
-static void read_long_string (LexState *ls, SemInfo *seminfo, int sep) {
|
|
+static void read_long_string (LexState *ls, SemInfo *seminfo, size_t sep) {
|
|
int line = ls->linenumber; /* initial line (for error message) */
|
|
save_and_next(ls); /* skip 2nd '[' */
|
|
if (currIsNewline(ls)) /* string starts with a newline? */
|
|
@@ -295,8 +298,8 @@ static void read_long_string (LexState *ls, SemInfo *seminfo, int sep) {
|
|
}
|
|
} endloop:
|
|
if (seminfo)
|
|
- seminfo->ts = luaX_newstring(ls, luaZ_buffer(ls->buff) + (2 + sep),
|
|
- luaZ_bufflen(ls->buff) - 2*(2 + sep));
|
|
+ seminfo->ts = luaX_newstring(ls, luaZ_buffer(ls->buff) + sep,
|
|
+ luaZ_bufflen(ls->buff) - 2 * sep);
|
|
}
|
|
|
|
|
|
@@ -444,9 +447,9 @@ static int llex (LexState *ls, SemInfo *seminfo) {
|
|
/* else is a comment */
|
|
next(ls);
|
|
if (ls->current == '[') { /* long comment? */
|
|
- int sep = skip_sep(ls);
|
|
+ size_t sep = skip_sep(ls);
|
|
luaZ_resetbuffer(ls->buff); /* 'skip_sep' may dirty the buffer */
|
|
- if (sep >= 0) {
|
|
+ if (sep >= 2) {
|
|
read_long_string(ls, NULL, sep); /* skip long comment */
|
|
luaZ_resetbuffer(ls->buff); /* previous call may dirty the buff. */
|
|
break;
|
|
@@ -458,12 +461,12 @@ static int llex (LexState *ls, SemInfo *seminfo) {
|
|
break;
|
|
}
|
|
case '[': { /* long string or simply '[' */
|
|
- int sep = skip_sep(ls);
|
|
- if (sep >= 0) {
|
|
+ size_t sep = skip_sep(ls);
|
|
+ if (sep >= 2) {
|
|
read_long_string(ls, seminfo, sep);
|
|
return TK_STRING;
|
|
}
|
|
- else if (sep != -1) /* '[=...' missing second bracket */
|
|
+ else if (sep == 0) /* '[=...' missing second bracket */
|
|
lexerror(ls, "invalid long string delimiter", TK_STRING);
|
|
return '[';
|
|
}
|
|
|
|
--- a/src/lparser.c
|
|
+++ b/src/lparser.c
|
|
@@ -544,6 +544,7 @@ static void open_func (LexState *ls, FuncState *fs, BlockCnt *bl) {
|
|
fs->bl = NULL;
|
|
f = fs->f;
|
|
f->source = ls->source;
|
|
+ luaC_objbarrier(ls->L, f, f->source);
|
|
f->maxstacksize = 2; /* registers 0/1 are always valid */
|
|
enterblock(fs, bl, 0);
|
|
}
|
|
@@ -1616,6 +1617,7 @@ static void mainfunc (LexState *ls, FuncState *fs) {
|
|
fs->f->is_vararg = 1; /* main function is always declared vararg */
|
|
init_exp(&v, VLOCAL, 0); /* create and... */
|
|
newupvalue(fs, ls->envn, &v); /* ...set environment upvalue */
|
|
+ luaC_objbarrier(ls->L, fs->f, ls->envn);
|
|
luaX_next(ls); /* read first token */
|
|
statlist(ls); /* parse main body */
|
|
check(ls, TK_EOS);
|
|
@@ -1634,6 +1636,7 @@ LClosure *luaY_parser (lua_State *L, ZIO *z, Mbuffer *buff,
|
|
sethvalue(L, L->top, lexstate.h); /* anchor it */
|
|
luaD_inctop(L);
|
|
funcstate.f = cl->p = luaF_newproto(L);
|
|
+ luaC_objbarrier(L, cl, cl->p);
|
|
funcstate.f->source = luaS_new(L, name); /* create and anchor TString */
|
|
lua_assert(iswhite(funcstate.f)); /* do not need barrier here */
|
|
lexstate.buff = buff;
|
|
--- a/src/lundump.c
|
|
+++ b/src/lundump.c
|
|
@@ -85,8 +85,9 @@ static lua_Integer LoadInteger (LoadState *S) {
|
|
}
|
|
|
|
|
|
-static TString *LoadString (LoadState *S) {
|
|
+static TString *LoadString (LoadState *S, Proto *p) {
|
|
size_t size = LoadByte(S);
|
|
+ TString *ts;
|
|
if (size == 0xFF)
|
|
LoadVar(S, size);
|
|
if (size == 0)
|
|
@@ -94,13 +95,14 @@ static TString *LoadString (LoadState *S) {
|
|
else if (--size <= LUAI_MAXSHORTLEN) { /* short string? */
|
|
char buff[LUAI_MAXSHORTLEN];
|
|
LoadVector(S, buff, size);
|
|
- return luaS_newlstr(S->L, buff, size);
|
|
+ ts = luaS_newlstr(S->L, buff, size);
|
|
}
|
|
else { /* long string */
|
|
- TString *ts = luaS_createlngstrobj(S->L, size);
|
|
+ ts = luaS_createlngstrobj(S->L, size);
|
|
LoadVector(S, getstr(ts), size); /* load directly in final place */
|
|
- return ts;
|
|
}
|
|
+ luaC_objbarrier(S->L, p, ts);
|
|
+ return ts;
|
|
}
|
|
|
|
|
|
@@ -140,7 +142,7 @@ static void LoadConstants (LoadState *S, Proto *f) {
|
|
break;
|
|
case LUA_TSHRSTR:
|
|
case LUA_TLNGSTR:
|
|
- setsvalue2n(S->L, o, LoadString(S));
|
|
+ setsvalue2n(S->L, o, LoadString(S, f));
|
|
break;
|
|
default:
|
|
lua_assert(0);
|
|
@@ -158,6 +160,7 @@ static void LoadProtos (LoadState *S, Proto *f) {
|
|
f->p[i] = NULL;
|
|
for (i = 0; i < n; i++) {
|
|
f->p[i] = luaF_newproto(S->L);
|
|
+ luaC_objbarrier(S->L, f, f->p[i]);
|
|
LoadFunction(S, f->p[i], f->source);
|
|
}
|
|
}
|
|
@@ -189,18 +192,18 @@ static void LoadDebug (LoadState *S, Proto *f) {
|
|
for (i = 0; i < n; i++)
|
|
f->locvars[i].varname = NULL;
|
|
for (i = 0; i < n; i++) {
|
|
- f->locvars[i].varname = LoadString(S);
|
|
+ f->locvars[i].varname = LoadString(S, f);
|
|
f->locvars[i].startpc = LoadInt(S);
|
|
f->locvars[i].endpc = LoadInt(S);
|
|
}
|
|
n = LoadInt(S);
|
|
for (i = 0; i < n; i++)
|
|
- f->upvalues[i].name = LoadString(S);
|
|
+ f->upvalues[i].name = LoadString(S, f);
|
|
}
|
|
|
|
|
|
static void LoadFunction (LoadState *S, Proto *f, TString *psource) {
|
|
- f->source = LoadString(S);
|
|
+ f->source = LoadString(S, f);
|
|
if (f->source == NULL) /* no source in dump? */
|
|
f->source = psource; /* reuse parent's source */
|
|
f->linedefined = LoadInt(S);
|
|
@@ -271,6 +274,7 @@ LClosure *luaU_undump(lua_State *L, ZIO *Z, const char *name) {
|
|
setclLvalue(L, L->top, cl);
|
|
luaD_inctop(L);
|
|
cl->p = luaF_newproto(L);
|
|
+ luaC_objbarrier(L, cl, cl->p);
|
|
LoadFunction(&S, cl->p, NULL);
|
|
lua_assert(cl->nupvalues == cl->p->sizeupvalues);
|
|
luai_verifycode(L, buff, cl->p);
|
|
--- a/src/lapi.c
|
|
+++ b/src/lapi.c
|
|
@@ -1254,13 +1254,12 @@ LUA_API const char *lua_setupvalue (lua_State *L, int funcindex, int n) {
|
|
}
|
|
|
|
|
|
-static UpVal **getupvalref (lua_State *L, int fidx, int n, LClosure **pf) {
|
|
+static UpVal **getupvalref (lua_State *L, int fidx, int n) {
|
|
LClosure *f;
|
|
StkId fi = index2addr(L, fidx);
|
|
api_check(L, ttisLclosure(fi), "Lua function expected");
|
|
f = clLvalue(fi);
|
|
api_check(L, (1 <= n && n <= f->p->sizeupvalues), "invalid upvalue index");
|
|
- if (pf) *pf = f;
|
|
return &f->upvals[n - 1]; /* get its upvalue pointer */
|
|
}
|
|
|
|
@@ -1269,7 +1268,7 @@ LUA_API void *lua_upvalueid (lua_State *L, int fidx, int n) {
|
|
StkId fi = index2addr(L, fidx);
|
|
switch (ttype(fi)) {
|
|
case LUA_TLCL: { /* lua closure */
|
|
- return *getupvalref(L, fidx, n, NULL);
|
|
+ return *getupvalref(L, fidx, n);
|
|
}
|
|
case LUA_TCCL: { /* C closure */
|
|
CClosure *f = clCvalue(fi);
|
|
@@ -1286,9 +1285,10 @@ LUA_API void *lua_upvalueid (lua_State *L, int fidx, int n) {
|
|
|
|
LUA_API void lua_upvaluejoin (lua_State *L, int fidx1, int n1,
|
|
int fidx2, int n2) {
|
|
- LClosure *f1;
|
|
- UpVal **up1 = getupvalref(L, fidx1, n1, &f1);
|
|
- UpVal **up2 = getupvalref(L, fidx2, n2, NULL);
|
|
+ UpVal **up1 = getupvalref(L, fidx1, n1);
|
|
+ UpVal **up2 = getupvalref(L, fidx2, n2);
|
|
+ if (*up1 == *up2)
|
|
+ return;
|
|
luaC_upvdeccount(L, *up1);
|
|
*up1 = *up2;
|
|
(*up1)->refcount++;
|
|
@@ -1289,6 +1289,8 @@ LUA_API void lua_upvaluejoin (lua_State *L, int fidx1, int n1,
|
|
LClosure *f1;
|
|
UpVal **up1 = getupvalref(L, fidx1, n1, &f1);
|
|
UpVal **up2 = getupvalref(L, fidx2, n2, NULL);
|
|
+ if (*up1 == *up2)
|
|
+ return;
|
|
luaC_upvdeccount(L, *up1);
|
|
*up1 = *up2;
|
|
(*up1)->refcount++;
|
|
--- a/Makefile
|
|
+++ b/Makefile
|
|
@@ -49 +49 @@
|
|
-R= $V.4
|
|
+R= $V.5
|