rpm/lua54
SHA256
1
0
Fork 0
forked from pool/lua54
Code Pull Requests Activity

Accepting request 1077316 from devel:languages:lua

Browse Source 
OBS-URL: https://build.opensuse.org/request/show/1077316
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/lua54?expand=0&rev=24
This commit is contained in:
Dominique Leuenberger 2023-04-06 13:55:16 +00:00 committed by Git OBS Bridge
commit 26694a5bd0
3 changed files with 84 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
lua54.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Tue Apr 4 11:58:56 UTC 2023 - Callum Farmer <gmbr3@opensuse.org>
- Added more numbered patches from upstream:
* luabugs11.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Sat Mar 18 12:11:40 UTC 2023 - Callum Farmer <gmbr3@opensuse.org> Sat Mar 18 12:11:40 UTC 2023 - Callum Farmer <gmbr3@opensuse.org>

1
lua54.spec
View File

@ -54,6 +54,7 @@ Patch13: luabugs7.patch
Patch14: luabugs8.patch Patch14: luabugs8.patch
Patch15: luabugs9.patch Patch15: luabugs9.patch
Patch16: luabugs10.patch Patch16: luabugs10.patch
Patch17: luabugs11.patch
# #
%if "%{flavor}" == "test" %if "%{flavor}" == "test"
BuildRequires: lua54 BuildRequires: lua54

77
luabugs11.patch Normal file
View File

@ -0,0 +1,77 @@
From ab859fe59b464a038a45552921cb2b23892343af Mon Sep 17 00:00:00 2001
From: Roberto Ierusalimschy <roberto@inf.puc-rio.br>
Date: Fri, 17 Mar 2023 15:52:09 -0300
Subject: [PATCH] Bug: Loading a corrupted binary file can segfault
The size of the list of upvalue names are stored separated from the
size of the list of upvalues, but they share the same array.
---
ldump.c | 8 ++++++--
lundump.c | 2 ++
testes/calls.lua | 14 ++++++++++++++
3 files changed, 22 insertions(+), 2 deletions(-)
diff --git a/ldump.c b/ldump.c
index f848b669c..f231691b7 100644
--- a/src/ldump.c
+++ b/src/ldump.c
@@ -10,6 +10,7 @@
#include "lprefix.h"
+#include <limits.h>
#include <stddef.h>
#include "lua.h"
@@ -55,8 +56,11 @@ static void dumpByte (DumpState *D, int y) {
}
-/* dumpInt Buff Size */
-#define DIBS ((sizeof(size_t) * 8 / 7) + 1)
+/*
+** 'dumpSize' buffer size: each byte can store up to 7 bits. (The "+6"
+** rounds up the division.)
+*/
+#define DIBS ((sizeof(size_t) * CHAR_BIT + 6) / 7)
static void dumpSize (DumpState *D, size_t x) {
lu_byte buff[DIBS];
diff --git a/lundump.c b/lundump.c
index aba93f828..02aed64fb 100644
--- a/src/lundump.c
+++ b/src/lundump.c
@@ -248,6 +248,8 @@ static void loadDebug (LoadState *S, Proto *f) {
f->locvars[i].endpc = loadInt(S);
}
n = loadInt(S);
+ if (n != 0) /* does it have debug information? */
+ n = f->sizeupvalues; /* must be this many */
for (i = 0; i < n; i++)
f->upvalues[i].name = loadStringN(S, f);
}
diff --git a/testes/calls.lua b/testes/calls.lua
index a19385843..2d562a24a 100644
--- a/testes/calls.lua
+++ b/testes/calls.lua
@@ -342,6 +342,20 @@ do -- another bug (in 5.4.0)
end
+do -- another bug (since 5.2)
+ -- corrupted binary dump: list of upvalue names is larger than number
+ -- of upvalues, overflowing the array of upvalues.
+ local code =
+ "\x1b\x4c\x75\x61\x54\x00\x19\x93\x0d\x0a\x1a\x0a\x04\x08\x08\x78\x56\z
+ \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\x77\x40\x00\x86\x40\z
+ \x74\x65\x6d\x70\x81\x81\x01\x00\x02\x82\x48\x00\x02\x00\xc7\x00\x01\z
+ \x00\x80\x80\x80\x82\x00\x00\x80\x81\x82\x78\x80\x82\x81\x86\x40\x74\z
+ \x65\x6d\x70"
+
+ assert(load(code)) -- segfaults in previous versions
+end
+
+
x = string.dump(load("x = 1; return x"))
a = assert(load(read1(x), nil, "b"))
assert(a() == 1 and _G.x == 1)