diff options
| author | Roberto Ierusalimschy <roberto@inf.puc-rio.br> | 2018-06-01 13:45:58 -0300 |
|---|---|---|
| committer | Roberto Ierusalimschy <roberto@inf.puc-rio.br> | 2018-06-01 13:45:58 -0300 |
| commit | b3970649550fe8471c55bfae57aa3752ddfa97a9 (patch) | |
| tree | 221cd96ca2d20a952c8b8c02fa3e51fa6834ba6c /lundump.c | |
| parent | 34aa0c5bd7493b6e01983df28f04af46a3d99967 (diff) | |
| download | lua-github-b3970649550fe8471c55bfae57aa3752ddfa97a9.tar.gz | |
avoid craches when loading tampered code with NULL as a string constant
Diffstat (limited to 'lundump.c')
| -rw-r--r-- | lundump.c | 26 |
1 files changed, 20 insertions, 6 deletions
@@ -1,5 +1,5 @@ /* -** $Id: lundump.c,v 2.48 2017/11/28 11:19:07 roberto Exp roberto $ +** $Id: lundump.c,v 2.49 2017/12/07 18:59:52 roberto Exp roberto $ ** load precompiled Lua chunks ** See Copyright Notice in lua.h */ @@ -36,7 +36,7 @@ typedef struct { } LoadState; -static l_noret error(LoadState *S, const char *why) { +static l_noret error (LoadState *S, const char *why) { luaO_pushfstring(S->L, "%s: %s precompiled chunk", S->name, why); luaD_throw(S->L, LUA_ERRSYNTAX); } @@ -95,7 +95,10 @@ static lua_Integer LoadInteger (LoadState *S) { } -static TString *LoadString (LoadState *S) { +/* +** Load a nullable string +*/ +static TString *LoadStringN (LoadState *S) { size_t size = LoadSize(S); if (size == 0) return NULL; @@ -112,6 +115,17 @@ static TString *LoadString (LoadState *S) { } +/* +** Load a non-nullable string. +*/ +static TString *LoadString (LoadState *S) { + TString *st = LoadStringN(S); + if (st == NULL) + error(S, "bad format for constant string"); + return st; +} + + static void LoadCode (LoadState *S, Proto *f) { int n = LoadInt(S); f->code = luaM_newvectorchecked(S->L, n, Instruction); @@ -203,18 +217,18 @@ static void LoadDebug (LoadState *S, Proto *f) { for (i = 0; i < n; i++) f->locvars[i].varname = NULL; for (i = 0; i < n; i++) { - f->locvars[i].varname = LoadString(S); + f->locvars[i].varname = LoadStringN(S); f->locvars[i].startpc = LoadInt(S); f->locvars[i].endpc = LoadInt(S); } n = LoadInt(S); for (i = 0; i < n; i++) - f->upvalues[i].name = LoadString(S); + f->upvalues[i].name = LoadStringN(S); } static void LoadFunction (LoadState *S, Proto *f, TString *psource) { - f->source = LoadString(S); + f->source = LoadStringN(S); if (f->source == NULL) /* no source in dump? */ f->source = psource; /* reuse parent's source */ f->linedefined = LoadInt(S); |