Check string indices when loading binary chunk

Lua is not religious about that, but it tries to avoid crashes when
loading binary chunks.
Roberto Ierusalimschy 1 month ago
Parent
Current commit
f711567448
2 files changed, 11 insertions and 13 deletions
  1. 6 6
      lundump.c
  2. 5 7
      manual/manual.of

+ 6 - 6
lundump.c

@@ -154,8 +154,9 @@ static void loadString (LoadState *S, Proto *p, TString **sl) {
   else if (size == 1) {  /* previously saved string? */
     lua_Unsigned idx = loadVarint(S, LUA_MAXUNSIGNED);  /* get its index */
     TValue stv;
-    luaH_getint(S->h, l_castU2S(idx), &stv);  /* get its value */
-    *sl = ts = tsvalue(&stv);
+    if (novariant(luaH_getint(S->h, l_castU2S(idx), &stv)) != LUA_TSTRING)
+      error(S, "invalid string index");
+    *sl = ts = tsvalue(&stv);  /* get its value */
     luaC_objbarrier(L, p, ts);
     return;  /* do not save it again */
   }
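Review bot: The new check in the `size == 1` branch of loadString comes with no test in this change. Add a case that loads a binary chunk whose saved-string index refers to an entry that was never stored, and one where idx is large enough to change sign in l_castU2S, and assert that the load fails with "invalid string index" instead of reaching tsvalue(&stv). The `/* get its value */` comment now sits on the tsvalue line although the table lookup happens inside the if condition; move the comment to the if or reword it.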
@@ -394,11 +395,10 @@ LClosure *luaU_undump (lua_State *L, ZIO *Z, const char *name, int fixed) {
   LoadState S;
   LClosure *cl;
   if (*name == '@' || *name == '=')
-    S.name = name + 1;
+    name = name + 1;
   else if (*name == LUA_SIGNATURE[0])
-    S.name = "binary string";
-  else
-    S.name = name;
+    name = "binary string";
+  S.name = name;
   S.L = L;
   S.Z = Z;
   S.fixed = cast_byte(fixed);
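Review bot: The S.name rewrite in luaU_undump is unrelated to the string-index check named in the commit subject and is not mentioned in the message; split it into its own commit or add a line about it. It also reassigns the parameter `name`, so any later use of `name` in this function now sees the stripped or replaced value; if that is intended, a short comment at the assignment would make it explicit.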

+ 5 - 7
manual/manual.of

@@ -1403,8 +1403,7 @@ see the program @idx{luac} and the function @Lid{string.dump} for details.
 Programs in source and compiled forms are interchangeable;
 Lua automatically detects the file type and acts accordingly @seeF{load}.
 Be aware that, unlike source code,
-the execution of maliciously crafted
-bytecode can crash the interpreter.
+maliciously crafted binary chunks can crash the interpreter.
 
 }
 
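Review bot: The replacement sentence drops "the execution of", so it no longer says whether the crash risk arises when a crafted chunk is loaded or when it is run. Since this commit adds a load-time check in lundump.c, state which stage is meant, for example by keeping the word "execution" or by saying explicitly that neither loading nor running untrusted chunks is safe.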
@@ -6694,11 +6693,10 @@ It may be the string @St{b} (only @x{binary chunk}s),
 or @St{bt} (both binary and text).
 The default is @St{bt}.
 
-It is safe to load malformed binary chunks;
-@id{load} signals an appropriate error.
-However,
-Lua does not check the consistency of the code inside binary chunks;
-running maliciously crafted bytecode can crash the interpreter.
+Lua does not check the consistency of binary chunks.
+Maliciously crafted binary chunks can crash
+the interpreter.
+You can use the @id{mode} parameter to prevent loading binary chunks.
 
 }
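Review bot: The added last sentence points at the mode parameter without saying which value rejects binary chunks; the paragraph above lists only "b" and "bt" in the visible context, so name the text-only value directly, e.g. "use mode @St{t} to accept only text chunks". Separately, the removed lines promised that load signals an error on malformed chunks, and the lundump.c hunk in this same commit adds such an error, so "Lua does not check the consistency of binary chunks" reads broader than what the code does; "does not fully check" would match it better.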