bugs 26 KB

  1. --[=[
  2. ** lua.stx / llex.c
  3. Tue Dec 2 10:45:48 EDT 1997
  4. >> BUG: "lastline" was not reset on function entry, so debug information
  5. >> started only in the 2nd line of a function.
  6. =================================================================
  7. --- Version 3.1 alpha
  8. ** lua.c
  9. Thu Jan 15 14:34:58 EDT 1998
  10. >> must include "stdlib.h" (for "exit()").
  11. ** lbuiltin.c / lobject.h
  12. Thu Jan 15 14:34:58 EDT 1998
  13. >> MAX_WORD may be bigger than MAX_INT
  14. (by lhf)
  15. ** llex.c
  16. Mon Jan 19 18:17:18 EDT 1998
  17. >> wrong line number (+1) in error report when file starts with "#..."
  18. ** lstrlib.c
  19. Tue Jan 27 15:27:49 EDT 1998
  20. >> formats like "%020d" were considered too big (3 digits); moreover,
  21. >> some systems limit printf to at most 500 chars, so we can limit sizes
  22. >> to 2 digits (99).
  23. ** lapi.c
  24. Tue Jan 27 17:12:36 EDT 1998
  25. >> "lua_getstring" may create a new string, so should check GC
  26. ** lstring.c / ltable.c
  27. Wed Jan 28 14:48:12 EDT 1998
  28. >> tables can become full of "empty" slots, and keep growing without limits.
  29. ** lstrlib.c
  30. Mon Mar 9 15:26:09 EST 1998
  31. >> gsub('a', '(b?)%1*' ...) loops (because the capture is empty).
  32. ** lstrlib.c
  33. Mon May 18 19:20:00 EST 1998
  34. >> arguments for "format" 'x', 'X', 'o' and 'u' must be unsigned int.
  35. =================================================================
  36. --- Version 3.1
  37. ** liolib.c / lauxlib.c
  38. Mon Sep 7 15:57:02 EST 1998
  39. >> function "luaL_argerror" prints wrong argument number (from a user's point
  40. of view) when functions have upvalues.
  41. ** lstrlib.c
  42. Tue Nov 10 17:29:36 EDT 1998
  43. >> gsub/strfind do not check whether captures are properly finished.
  44. (by roberto/tomas)
  45. ** lbuiltin.c
  46. Fri Dec 18 11:22:55 EDT 1998
  47. >> "tonumber" goes crazy with negative numbers in other bases (not 10),
  48. because "strtol" returns long, not unsigned long.
  49. (by Visual C++)
  50. ** lstrlib.c
  51. Mon Jan 4 10:41:40 EDT 1999
  52. >> "format" does not check size of format item (such as "%00000...00000d").
  53. ** lapi.c
  54. Wed Feb 3 14:40:21 EDT 1999
  55. >> getlocal cannot return the local itself, since lua_isstring and
  56. lua_isnumber can modify it.
  57. ** lstrlib.c
  58. Thu Feb 4 17:08:50 EDT 1999
  59. >> format "%s" may break limit of "sprintf" on some machines.
  60. (by Marcelo Sales)
  61. ** lzio.c
  62. Thu Mar 4 11:49:37 EST 1999
  63. >> file stream cannot call fread after EOF.
  64. (by lhf)
  65. =================================================================
  66. --- Version 3.2 (beta)
  67. ** lstrlib.c
  68. Fri Apr 30 11:10:20 EST 1999
  69. >> '$' at end of pattern was matching regular '$', too.
  70. (by anna; since 2.5)
  71. ** lbuiltin.c
  72. Fri May 21 17:15:11 EST 1999
  73. >> foreach, foreachi, foreachvar points to function in stack when stack
  74. can be reallocated.
  75. (by tomas; since 3.2 beta)
  76. ** lparser.c
  77. Wed Jun 16 10:32:46 EST 1999
  78. >> cannot assign to unlimited variables, because it causes overflow in
  79. the number of returns of a function.
  80. (since 3.1)
  81. =================================================================
  82. --- Version 3.2
  83. ** lmathlib.c
  84. Wed Aug 18 11:28:38 EST 1999
  85. >> random(0) and random(x,0) are wrong (0 is read as no argument!).
  86. (by Dave Bollinger; since 3.1)
  87. ** lparser.c
  88. Thu Sep 2 10:07:20 EST 1999
  89. >> in the (old) expression << ls->fs->f->consts[checkname(ls)] >>, checkname
  90. could realloc f->consts.
  91. (by Supratik Champati; since 3.2 beta)
  92. ** lobject.c / lbuiltin.c
  93. Wed Sep 8 17:41:54 EST 1999
  94. >> tonumber'e1' and tonumber(' ', x), for x!=10, gave 0 instead of nil.
  95. (since 3.1)
  96. ** lstrlib.c
  97. Thu Nov 11 14:36:30 EDT 1999
  98. >> `strfind' does not handle \0 in plain search.
  99. (by Jon Kleiser; since 3.1)
  100. ** lparser.c
  101. Wed Dec 29 16:05:43 EDT 1999
  102. >> return gives wrong line in debug information
  103. (by lhf; since 3.2 [at least])
  104. ** ldo.c
  105. Thu Dec 30 16:39:33 EDT 1999
  106. >> cannot reopen stdin (for binary mode)
  107. (by lhf & roberto; since 3.1)
  108. ** lapi.c
  109. Thu Mar 2 09:41:53 EST 2000
  110. >> lua_settable should check stack space (it could call a T.M.)
  111. (by lhf & celes; since 3.2; it was already fixed by fixed stack)
  112. ** lparser.c
  113. Mon Apr 3 09:59:06 EST 2000
  114. >> '%' should be in expfollow
  115. (by Edgar Toernig; since 3.1; it was already fixed)
  116. ** lbuiltin.c
  117. Mon Apr 3 10:05:05 EST 2000
  118. >> tostring() without arguments gives seg. fault.
  119. (by Edgar Toernig; since 3.0)
  120. =================================================================
  121. --- Version 4.0 alpha
  122. Tested with full test suites (as locked in Mon Apr 24 14:23:11 EST 2000)
  123. in the following platforms:
  124. * Linux - gcc, g++
  125. * AIX - gcc
  126. * Solaris - gcc, cc
  127. * IRIX - cc, cc-purify
  128. * Windows - Visual C++ (.c and .cpp, warning level=4)
  129. ** lstrlib.c
  130. Tue May 2 15:27:58 EST 2000
  131. >> `strfind' gets wrong subject length when there is an offset
  132. (by Jon Kleiser; since 4.0a)
  133. ** lparser.c
  134. Fri May 12 15:11:12 EST 2000
  135. >> first element in a list constructor is not adjusted to one value
  136. >> (e.g. «a = {gsub('a','a','')}»)
  137. (by Tomas; since 4.0a)
  138. ** lparser.c
  139. Wed May 24 14:50:16 EST 2000
  140. >> record-constructor starting with an upvalue name gets an error
  141. >> (e.g. «local a; function f() x = {a=1} end»)
  142. (by Edgar Toernig; since 3.1)
  143. ** lparser.c
  144. Tue Aug 29 15:56:05 EST 2000
  145. >> error message for `for' uses `while'
  146. (since 4.0a; already corrected)
  147. ** lgc.c
  148. Tue Aug 29 15:57:41 EST 2000
  149. >> gc tag method for nil could call line hook
  150. (by ry; since ?)
  151. =================================================================
  152. --- Version 4.0 Beta
  153. ** liolib.c
  154. Fri Sep 22 15:12:37 EST 2000
  155. >> `read("*w")' should return nil at EOF
  156. (by roberto; since 4.0b)
  157. ** lvm.c
  158. Mon Sep 25 11:47:48 EST 2000
  159. >> lua_gettable does not get key from stack top
  160. (by Philip Yi; since 4.0b)
  161. ** lgc.c
  162. Mon Sep 25 11:50:48 EST 2000
  163. >> GC may crash when checking locked C closures
  164. (by Philip Yi; since 4.0b)
  165. ** lapi.c
  166. Wed Sep 27 09:50:19 EST 2000
  167. >> lua_tag should return LUA_NOTAG for non-valid indices
  168. (by Paul Hankin; since 4.0b)
  169. ** llex.h / llex.c / lparser.c
  170. Wed Sep 27 13:39:45 EST 2000
  171. >> parser overwrites semantic information when looking ahead
  172. >> (e.g. «a = {print'foo'}»)
  173. (by Edgar Toernig; since 4.0b, deriving from previous bug)
  174. ** liolib.c
  175. Thu Oct 26 10:50:46 EDT 2000
  176. >> in function `read_file', realloc() doesn't free the buffer if it can't
  177. >> allocate new memory
  178. (by Mauro Vezzosi; since 4.0b)
  179. =================================================================
  180. --- Version 4.0
  181. ** lparser.c
  182. Wed Nov 29 09:51:44 EDT 2000
  183. >> parser does not accept a `;' after a `return'
  184. (by lhf; since 4.0b)
  185. ** liolib.c
  186. Fri Dec 22 15:30:42 EDT 2000
  187. >> when `read' fails it must return nil (and not no value)
  188. (by cassino; since at least 3.1)
  189. ** lstring.c/lapi.c
  190. Thu Feb 1 11:55:45 EDT 2001
  191. >> lua_pushuserdata(L, NULL) is buggy
  192. (by Edgar Toernig; since 4.0)
  193. ** ldo.c
  194. Fri Feb 2 14:06:40 EDT 2001
  195. >> «while 1 dostring[[print('hello\n')]] end» never reclaims memory
  196. (by Andrew Paton; since 4.0b)
  197. ** lbaselib.c
  198. Tue Feb 6 11:57:13 EDT 2001
  199. >> ESC (which starts precompiled code) in C is \33, not \27
  200. (by Edgar Toernig and lhf; since 4.0b)
  201. ** lparser.c
  202. Tue Jul 10 16:59:18 EST 2001
  203. >> error message for `%a' gave wrong line number
  204. (by Leonardo Constantino; since 4.0)
  205. ** lbaselib.c
  206. Fri Dec 21 15:21:05 EDT 2001
  207. >> seg. fault when rawget/rawset get extra arguments
  208. (by Eric Mauger; since 4.0b)
  209. ** lvm.c
  210. Wed Jun 19 13:28:20 EST 2002
  211. >> line hook gets wrong `ar'
  212. (by Daniel C. Sinclair; since 4.0.b)
  213. ** ldo.c
  214. Wed Jun 19 13:31:49 EST 2002
  215. >> `protectedparser' may run GC, and then collect `filename'
  216. >> (in function `parse_file')
  217. (by Alex Bilyk; since 4.0)
  218. =================================================================
  219. --- Version 5.0 alpha
  220. ** lgc.c
  221. Fri Aug 30 13:49:14 EST 2002
  222. >> GC metamethod stored in a weak metatable being collected together with
  223. >> userdata may not be cleared properly
  224. (by Roberto; since 5.0a)
  225. ** lapi.c
  226. Thu Nov 21 11:00:00 EST 2002
  227. >> ULONG_MAX>>10 may not fit into an int
  228. (by Jeff Petkau; since 4.0)
  229. ** lparser.c
  230. Fri Dec 6 17:06:40 UTC 2002
  231. >> scope of generic for variables is not sound
  232. (by Gavin Wraith; since 5.0a)
  233. =================================================================
  234. --- Version 5.0 beta
  235. ** lbaselib.c
  236. Fri Dec 20 09:53:19 UTC 2002
  237. >> `resume' was checking the wrong value for stack overflow
  238. (by Maik Zimmermann; since 5.0b)
  239. ** ldo.c
  240. Thu Jan 23 11:29:06 UTC 2003
  241. >> error during garbage collection in luaD_protectedparser is not being
  242. >> protected
  243. (by Benoit Germain; since 5.0a)
  244. ** ldo.c (and others)
  245. Fri Feb 28 14:20:33 EST 2003
  246. >> GC metamethod calls could mess up C/Lua stack synchronization
  247. (by Roberto; since 5.0b)
  248. ** lzio.h/zlio.c
  249. Thu Mar 20 11:40:12 EST 2003
  250. >> zio mixes a 255 as first char in a buffer with EOZ
  251. (by lhf; since 5.0a)
  252. --]=]
  253. -----------------------------------------------------------------
  254. -- Lua 5.0 (final)
  255. Bug{
  256. what = [[lua_closethread exists only in the manual]],
  257. report = [[by Nguyen Binh, 28/04/2003]],
  258. patch = [[no patch; the manual is wrong]],
  259. }
  260. Bug{
  261. what = [[attempt to resume a running coroutine crashes Lua]],
  262. example = [[
  263. function co_func (current_co)
  264. coroutine.resume(co)
  265. end
  266. co = coroutine.create(co_func)
  267. coroutine.resume(co)
  268. coroutine.resume(co) --> seg. fault
  269. ]],
  270. report = [[by Alex Bilyk, 09/05/2003]],
  271. patch = [[
  272. * ldo.c:
  273. 325,326c325
  274. < if (nargs >= L->top - L->base)
  275. < luaG_runerror(L, "cannot resume dead coroutine");
  276. ---
  277. > lua_assert(nargs < L->top - L->base);
  278. 329c328,329
  279. < else if (ci->state & CI_YIELD) { /* inside a yield? */
  280. ---
  281. > else { /* inside a yield */
  282. > lua_assert(ci->state & CI_YIELD);
  283. 344,345d343
  284. < else
  285. < luaG_runerror(L, "cannot resume non-suspended coroutine");
  286. 351a350,358
  287. > static int resume_error (lua_State *L, const char *msg) {
  288. > L->top = L->ci->base;
  289. > setsvalue2s(L->top, luaS_new(L, msg));
  290. > incr_top(L);
  291. > lua_unlock(L);
  292. > return LUA_ERRRUN;
  293. > }
  294. >
  295. >
  296. 355a363,368
  297. > if (L->ci == L->base_ci) {
  298. > if (nargs >= L->top - L->base)
  299. > return resume_error(L, "cannot resume dead coroutine");
  300. > }
  301. > else if (!(L->ci->state & CI_YIELD)) /* not inside a yield? */
  302. > return resume_error(L, "cannot resume non-suspended coroutine");
  303. ]],
  304. }
  305. Bug{
  306. what = [[file:close cannot be called without a file. (results in seg fault)]],
  307. example = [[
  308. > io.stdin.close() -- correct call should be io.stdin:close()
  309. ]],
  310. report = [[by Tuomo Valkonen, 27/05/2003]],
  311. patch = [[
  312. * liolib.c:
  313. 161c161
  314. < if (lua_isnone(L, 1)) {
  315. ---
  316. > if (lua_isnone(L, 1) && lua_type(L, lua_upvalueindex(1)) == LUA_TTABLE) {
  317. ]], --}}
  318. }
  319. Bug{
  320. what = [[C functions also may have stacks larger than current top]],
  321. example = [[
  322. Must recompile lua with a change in lua.c and with lua_assert defined:
  323. * lua.c:
  324. 381a382
  325. > lua_checkstack(l, 1000);
  326. ]],
  327. report = [[Alex Bilyk, 09/06/2003]],
  328. patch = [[
  329. * lgc.c:
  330. 247c247
  331. < if (!(ci->state & CI_C) && lim < ci->top)
  332. ---
  333. > if (lim < ci->top)
  334. ]],
  335. }
  336. Bug{
  337. what = [[`pc' address is invalidated when a coroutine is suspended]],
  338. example = [[
  339. function g(x)
  340. coroutine.yield(x)
  341. end
  342. function f (i)
  343. debug.sethook(print, "l")
  344. for j=1,1000 do
  345. g(i+j)
  346. end
  347. end
  348. co = coroutine.wrap(f)
  349. co(10)
  350. pcall(co)
  351. pcall(co)
  352. ]],
  353. report = [[Nick Trout, 07/07/2003]],
  354. patch = [[
  355. * lvm.c:
  356. 402,403c402,403
  357. < L->ci->u.l.pc = &pc;
  358. < if (L->hookmask & LUA_MASKCALL)
  359. ---
  360. > if (L->hookmask & LUA_MASKCALL) {
  361. > L->ci->u.l.pc = &pc;
  362. 404a405
  363. > }
  364. 405a407
  365. > L->ci->u.l.pc = &pc;
  366. 676,678c678
  367. < lua_assert(ci->u.l.pc == &pc &&
  368. < ttisfunction(ci->base - 1) &&
  369. < (ci->state & CI_SAVEDPC));
  370. ---
  371. > lua_assert(ttisfunction(ci->base - 1) && (ci->state & CI_SAVEDPC));
  372. ]]
  373. }
  374. Bug{
  375. what = [[userdata to be collected still counts into new GC threshold,
  376. increasing memory consumption]],
  377. report = [[Roberto, 25/07/2003]],
  378. example = [[
  379. a = newproxy(true)
  380. getmetatable(a).__gc = function () end
  381. for i=1,10000000 do
  382. newproxy(a)
  383. if math.mod(i, 10000) == 0 then print(gcinfo()) end
  384. end
  385. ]],
  386. patch = [[
  387. * lgc.h:
  388. 18c18
  389. < void luaC_separateudata (lua_State *L);
  390. ---
  391. > size_t luaC_separateudata (lua_State *L);
  392. * lgc.c:
  393. 113c113,114
  394. < void luaC_separateudata (lua_State *L) {
  395. ---
  396. > size_t luaC_separateudata (lua_State *L) {
  397. > size_t deadmem = 0;
  398. 127a129
  399. > deadmem += sizeudata(gcotou(curr)->uv.len);
  400. 136a139
  401. > return deadmem;
  402. 390c393
  403. < static void checkSizes (lua_State *L) {
  404. ---
  405. > static void checkSizes (lua_State *L, size_t deadmem) {
  406. 400c403
  407. < G(L)->GCthreshold = 2*G(L)->nblocks; /* new threshold */
  408. ---
  409. > G(L)->GCthreshold = 2*G(L)->nblocks - deadmem; /* new threshold */
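Review bot: The new threshold `2*G(L)->nblocks - deadmem` in checkSizes is an unsigned subtraction with no visible guard, so if deadmem could ever exceed twice nblocks the result would wrap to a very large threshold and collection would effectively stop. Nothing in these hunks shows the bound; presumably the dead userdata is still counted in nblocks at this point, which would make the subtraction safe, but that is an inference. I would state the invariant where it is relied on, e.g. `lua_assert(deadmem <= 2*G(L)->nblocks);` just before the assignment. The body of checkSizes continues outside the hunk.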
  410. 454c457,458
  411. < static void mark (lua_State *L) {
  412. ---
  413. > static size_t mark (lua_State *L) {
  414. > size_t deadmem;
  415. 467c471
  416. < luaC_separateudata(L); /* separate userdata to be preserved */
  417. ---
  418. > deadmem = luaC_separateudata(L); /* separate userdata to be preserved */
  419. 475a480
  420. > return deadmem;
  421. 480c485
  422. < mark(L);
  423. ---
  424. > size_t deadmem = mark(L);
  425. 482c487
  426. < checkSizes(L);
  427. ---
  428. > checkSizes(L, deadmem);
  429. ]]
  430. }
  431. Bug{
  432. what=[[IBM AS400 (OS400) has sizeof(void *)==16, and a `%p' may generate
  433. up to 60 characters in a `printf'. That causes a buffer overflow in
  434. `tostring'.]],
  435. report = [[David Burgess, 25/08/2003]],
  436. example = [[print{}; (in an AS400 machine)]],
  437. patch = [[
  438. * liolib.c:
  439. 178c178
  440. < char buff[32];
  441. ---
  442. > char buff[128];
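Review bot: Enlarging `buff` from 32 to 128 bytes here (and from 64 to 128 in the lbaselib.c hunk that follows) raises the ceiling but, as far as these hunks show, leaves the write itself unbounded; the formatting call that fills `buff` is outside both hunks. The report says `%p` alone can reach 60 characters on OS400, so the remaining margin depends on whatever else is formatted alongside the pointer. I would record that assumption at each declaration, e.g. `char buff[128];  /* must hold the longest "%p" output (up to 60 chars on OS400) plus the rest of the format */`, so a later change to the format string gets checked against it.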
  443. * lbaselib.c:
  444. 327c327
  445. < char buff[64];
  446. ---
  447. > char buff[128];
  448. ]]
  449. }
  450. Bug{
  451. what = [[syntax `local function' does not increment stack size]],
  452. report = [[Rici Lake, 26/09/2003]],
  453. example = [[
  454. -- must run this with precompiled code
  455. local a,b,c
  456. local function d () end
  457. ]],
  458. patch = [[
  459. * lparser.c:
  460. 1143a1144
  461. > FuncState *fs = ls->fs;
  462. 1145c1146,1147
  463. < init_exp(&v, VLOCAL, ls->fs->freereg++);
  464. ---
  465. > init_exp(&v, VLOCAL, fs->freereg);
  466. > luaK_reserveregs(fs, 1);
  467. 1148c1150,1152
  468. < luaK_storevar(ls->fs, &v, &b);
  469. ---
  470. > luaK_storevar(fs, &v, &b);
  471. > /* debug information will only see the variable after this point! */
  472. > getlocvar(fs, fs->nactvar - 1).startpc = fs->pc;
  473. ]],
  474. }
  475. Bug{
  476. what = [[count hook may be called without being set]],
  477. report = [[Andreas Stenius, 06/10/2003]],
  478. example = [[
  479. set your hooks with
  480. lua_sethook(L, my_hook, LUA_MASKLINE | LUA_MASKRET, 1);
  481. (It is weird to use a count > 0 without setting the count hook,
  482. but it is not wrong.)
  483. ]],
  484. patch = [[
  485. * lvm.c:
  486. 69c69
  487. < if (mask > LUA_MASKLINE) { /* instruction-hook set? */
  488. ---
  489. > if (mask & LUA_MASKCOUNT) { /* instruction-hook set? */
  490. ]],
  491. }
  492. Bug{
  493. what = [[`dofile' eats one return value when called without arguments]],
  494. report = [[Frederico Abraham, 15/01/2004]],
  495. example = [[
  496. a,b = dofile() --< here you enter `return 1,2,3 <eof>'
  497. print(a,b) --> 2 3 (should be 1 and 2)
  498. ]],
  499. patch = [[
  500. * lbaselib.c:
  501. 313a314
  502. > int n = lua_gettop(L);
  503. 317c318
  504. < return lua_gettop(L) - 1;
  505. ---
  506. > return lua_gettop(L) - n;
  507. ]],
  508. }
  509. -----------------------------------------------------------------
  510. -- Lua 5.0.2
  511. Bug{
  512. what = [[string concatenation may cause arithmetic overflow, leading
  513. to a buffer overflow]],
  514. report = [[Rici Lake, 20/05/2004]],
  515. example = [[
  516. longs = string.rep("\0", 2^25)
  517. function catter(i)
  518. return assert(loadstring(
  519. string.format("return function(a) return a%s end",
  520. string.rep("..a", i-1))))()
  521. end
  522. rep129 = catter(129)
  523. rep129(longs)
  524. ]],
  525. patch = [[
  526. * lvm.c:
  527. @@ -321,15 +321,15 @@
  528. luaG_concaterror(L, top-2, top-1);
  529. } else if (tsvalue(top-1)->tsv.len > 0) { /* if len=0, do nothing */
  530. /* at least two string values; get as many as possible */
  531. - lu_mem tl = cast(lu_mem, tsvalue(top-1)->tsv.len) +
  532. - cast(lu_mem, tsvalue(top-2)->tsv.len);
  533. + size_t tl = tsvalue(top-1)->tsv.len;
  534. char *buffer;
  535. int i;
  536. - while (n < total && tostring(L, top-n-1)) { /* collect total length */
  537. - tl += tsvalue(top-n-1)->tsv.len;
  538. - n++;
  539. + /* collect total length */
  540. + for (n = 1; n < total && tostring(L, top-n-1); n++) {
  541. + size_t l = tsvalue(top-n-1)->tsv.len;
  542. + if (l >= MAX_SIZET - tl) luaG_runerror(L, "string length overflow");
  543. + tl += l;
  544. }
  545. - if (tl > MAX_SIZET) luaG_runerror(L, "string size overflow");
  546. buffer = luaZ_openspace(L, &G(L)->buff, tl);
  547. tl = 0;
  548. for (i=n; i>0; i--) { /* concat all strings */
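Review bot: The overflow test `if (l >= MAX_SIZET - tl)` is only sound because it runs before `tl += l` and is written as a subtraction; the removed code summed first and compared against MAX_SIZET afterwards, which per the report is where the arithmetic could overflow. That ordering deserves a why-comment so it is not later simplified back into a post-hoc comparison, e.g. `/* test before adding: tl + l could wrap around */` directly above the `if`. The enclosing function starts and ends outside the hunk.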
  549. ]]
  550. }
  551. Bug{
  552. what = [[lua_getupvalue and setupvalue do not check for index too small]],
  553. report = [[Mike Pall, ?/2004]],
  554. example = [[debug.getupvalue(function() end, 0)]],
  555. patch = [[
  556. * lapi.c
  557. 941c941
  558. < if (n > f->c.nupvalues) return NULL;
  559. ---
  560. > if (!(1 <= n && n <= f->c.nupvalues)) return NULL;
  561. 947c947
  562. < if (n > p->sizeupvalues) return NULL;
  563. ---
  564. > if (!(1 <= n && n <= p->sizeupvalues)) return NULL;
  565. ]]
  566. }
  567. Bug{
  568. what = [[values held in open upvalues of suspended threads may be
  569. incorrectly collected]],
  570. report = [[Spencer Schumann, 31/12/2004]],
  571. example = [[
  572. local thread_id = 0
  573. local threads = {}
  574. function fn(thread)
  575. thread_id = thread_id + 1
  576. threads[thread_id] = function()
  577. thread = nil
  578. end
  579. coroutine.yield()
  580. end
  581. while true do
  582. local thread = coroutine.create(fn)
  583. coroutine.resume(thread, thread)
  584. end
  585. ]],
  586. patch = [[
  587. * lgc.c:
  588. 221,224c221,222
  589. < if (!u->marked) {
  590. < markobject(st, &u->value);
  591. < u->marked = 1;
  592. < }
  593. ---
  594. > markobject(st, u->v);
  595. > u->marked = 1;
  596. ]],
  597. }
  598. Bug{
  599. what = [[rawset/rawget do not ignore extra arguments]],
  600. report = [[Romulo Bahiense, 11/03/2005]],
  601. example = [[
  602. a = {}
  603. rawset(a, 1, 2, 3)
  604. print(a[1], a[2]) -- should be 2 and nil
  605. ]],
  606. patch = [[
  607. * lbaselib.c:
  608. 175a176
  609. > lua_settop(L, 2);
  610. 183a185
  611. > lua_settop(L, 3);
  612. ]],
  613. }
  614. Bug{
  615. what = [[weak tables that survive one collection are never collected]],
  616. report = [[Chromix, 02/01/2006]],
  617. example = [[
  618. a = {}
  619. print(gcinfo())
  620. for i = 1, 10000 do
  621. a[i] = setmetatable({}, {__mode = "v"})
  622. end
  623. collectgarbage()
  624. a = nil
  625. collectgarbage()
  626. print(gcinfo())
  627. ]],
  628. patch = [[
  629. * lgc.c
  630. @@ -366,7 +366,7 @@
  631. GCObject *curr;
  632. int count = 0; /* number of collected items */
  633. while ((curr = *p) != NULL) {
  634. - if (curr->gch.marked > limit) {
  635. + if ((curr->gch.marked & ~(KEYWEAK | VALUEWEAK)) > limit) {
  636. unmark(curr);
  637. p = &curr->gch.next;
  638. }
  639. ]],
  640. }
  641. Bug{
  642. what = [[Some "not not exp" may not result in boolean values]],
  643. report = [[]],
  644. since = [[4.0]],
  645. example = [[
  646. -- should print false, but prints nil
  647. print(not not (nil and 4))
  648. ]],
  649. patch = [[]],
  650. }
  651. Bug{
  652. what = [[On some machines, closing a "piped file" (created with io.popen)
  653. may crash Lua]],
  654. report = [[]],
  655. since = [[5.0]],
  656. example = [[
  657. -- only on some machines
  658. f = io.popen("ls")
  659. f:close()
  660. ]],
  661. patch = [[]],
  662. }
  663. -----------------------------------------------------------------
  664. -- Lua 5.1
  665. Bug{
  666. what = [[In 16-bit machines, expressions and/or with numeric constants as the
  667. right operand may result in weird values]],
  668. report = [[Andreas Stenius/Kein-Hong Man, 15/03/2006]],
  669. example = [[
  670. print(false or 0) -- on 16-bit machines
  671. ]],
  672. patch = [[
  673. * lcode.c:
  674. @@ -731,17 +731,15 @@
  675. case OPR_AND: {
  676. lua_assert(e1->t == NO_JUMP); /* list must be closed */
  677. luaK_dischargevars(fs, e2);
  678. - luaK_concat(fs, &e1->f, e2->f);
  679. - e1->k = e2->k; e1->u.s.info = e2->u.s.info;
  680. - e1->u.s.aux = e2->u.s.aux; e1->t = e2->t;
  681. + luaK_concat(fs, &e2->f, e1->f);
  682. + *e1 = *e2;
  683. break;
  684. }
  685. case OPR_OR: {
  686. lua_assert(e1->f == NO_JUMP); /* list must be closed */
  687. luaK_dischargevars(fs, e2);
  688. - luaK_concat(fs, &e1->t, e2->t);
  689. - e1->k = e2->k; e1->u.s.info = e2->u.s.info;
  690. - e1->u.s.aux = e2->u.s.aux; e1->f = e2->f;
  691. + luaK_concat(fs, &e2->t, e1->t);
  692. + *e1 = *e2;
  693. break;
  694. }
  695. ]],
  696. }
  697. Bug{
  698. what = [[luaL_checkudata may produce wrong error message]],
  699. report = [[Greg Falcon, 21/03/2006]],
  700. example = [[
  701. getmetatable(io.stdin).__gc()
  702. --> bad argument #1 to '__gc' (FILE* expected, got table)
  703. ]],
  704. patch = [[
  705. * lauxlib.c:
  706. @@ -123,11 +123,17 @@
  707. LUALIB_API void *luaL_checkudata (lua_State *L, int ud, const char *tname) {
  708. void *p = lua_touserdata(L, ud);
  709. - lua_getfield(L, LUA_REGISTRYINDEX, tname); /* get correct metatable */
  710. - if (p == NULL || !lua_getmetatable(L, ud) || !lua_rawequal(L, -1, -2))
  711. - luaL_typerror(L, ud, tname);
  712. - lua_pop(L, 2); /* remove both metatables */
  713. - return p;
  714. + if (p != NULL) { /* value is a userdata? */
  715. + if (lua_getmetatable(L, ud)) { /* does it have a metatable? */
  716. + lua_getfield(L, LUA_REGISTRYINDEX, tname); /* get correct metatable */
  717. + if (lua_rawequal(L, -1, -2)) { /* does it have the correct mt? */
  718. + lua_pop(L, 2); /* remove both metatables */
  719. + return p;
  720. + }
  721. + }
  722. + }
  723. + luaL_typerror(L, ud, tname); /* else error */
  724. + return NULL; /* to avoid warnings */
  725. }
  726. ]]
  727. }
  728. Bug{
  729. what = [[
  730. In Windows,
  731. when Lua is used in an application that also uses DirectX,
  732. it may present erratic behavior.
  733. THIS IS NOT A LUA BUG!
  734. The problem is that DirectX violates an ABI that Lua depends on.]],
  735. patch = [[
  736. The simplest solution is to use DirectX with
  737. the D3DCREATE_FPU_PRESERVE flag.
  738. Otherwise, you can change the definition of lua_number2int,
  739. in luaconf.h, to this one:
  740. #define lua_number2int(i,d) __asm fld d __asm fistp i
  741. ]],
  742. }
  743. Bug{
  744. what = [[option '%q' in string.format does not handle '\r' correctly.]],
  745. example = [[
  746. local s = "a string with \r and \n and \r\n and \n\r"
  747. local c = string.format("return %q", s)
  748. assert(assert(loadstring(c))() == s)
  749. ]],
  750. patch = [[
  751. * lstrlib.c:
  752. @@ -703,6 +703,10 @@
  753. luaL_addchar(b, *s);
  754. break;
  755. }
  756. + case '\r': {
  757. + luaL_addlstring(b, "\\r", 2);
  758. + break;
  759. + }
  760. case '\0': {
  761. luaL_addlstring(b, "\\000", 4);
  762. break;
  763. ]],
  764. }
  765. Bug{
  766. what = [[lua_dostring/lua_dofile should return any values returned
  767. by the chunk]],
  768. patch = [[
  769. * lauxlib.h:
  770. @@ -108,9 +108,11 @@
  771. #define luaL_typename(L,i) lua_typename(L, lua_type(L,(i)))
  772. -#define luaL_dofile(L, fn) (luaL_loadfile(L, fn) || lua_pcall(L, 0, 0, 0))
  773. +#define luaL_dofile(L, fn) \
  774. + (luaL_loadfile(L, fn) || lua_pcall(L, 0, LUA_MULTRET, 0))
  775. -#define luaL_dostring(L, s) (luaL_loadstring(L, s) || lua_pcall(L, 0, 0, 0))
+#define luaL_dostring(L, s) \
  776. + (luaL_loadstring(L, s) || lua_pcall(L, 0, LUA_MULTRET, 0))
  777. #define luaL_getmetatable(L,n) (lua_getfield(L, LUA_REGISTRYINDEX, (n)))
  778. ]],
  779. }
  780. Bug{
  781. what = [[garbage collector does not compensate enough for finalizers]],
  782. patch = [[
  783. lgc.c:
  784. @@ -322,4 +322,6 @@
  785. -static void propagateall (global_State *g) {
  786. - while (g->gray) propagatemark(g);
  787. +static size_t propagateall (global_State *g) {
  788. + size_t m = 0;
  789. + while (g->gray) m += propagatemark(g);
  790. + return m;
  791. }
  792. @@ -542,3 +544,3 @@
  793. marktmu(g); /* mark `preserved' userdata */
  794. - propagateall(g); /* remark, to propagate `preserveness' */
  795. + udsize += propagateall(g); /* remark, to propagate `preserveness' */
  796. cleartable(g->weak); /* remove collected objects from weak tables */
  797. @@ -592,2 +594,4 @@
  798. GCTM(L);
  799. + if (g->estimate > GCFINALIZECOST)
  800. + g->estimate -= GCFINALIZECOST;
  801. ]]
  802. }
  803. Bug{
  804. what = [[debug hooks may get wrong when mixed with coroutines]],
  805. report = [[by Ivko Stanilov, 03/06/2006]],
  806. example = [[
  807. co = coroutine.create(function (a,b)
  808. coroutine.yield(a, b)
  809. return b, "end"
  810. end)
  811. debug.sethook(co, function() end, "lcr")
  812. coroutine.resume(co, 100, 2000)
  813. coroutine.resume(co, 100, 2000)
  814. ]],
  815. patch = [[
  816. * ldo.c:
  817. @@ -389,6 +389,7 @@
  818. return;
  819. }
  820. else { /* resuming from previous yield */
  821. + L->status = 0;
  822. if (!f_isLua(ci)) { /* `common' yield? */
  823. /* finish interrupted execution of `OP_CALL' */
  824. lua_assert(GET_OPCODE(*((ci-1)->savedpc - 1)) == OP_CALL ||
  825. @@ -399,7 +400,6 @@
  826. else /* yielded inside a hook: just continue its execution */
  827. L->base = L->ci->base;
  828. }
  829. - L->status = 0;
  830. luaV_execute(L, cast_int(L->ci - L->base_ci));
  831. }
  832. ]],
  833. }
  834. -----------------------------------------------------------------
  835. -- Lua 5.1.1
  836. Bug{
  837. what = [[list constructors have wrong limit]],
  838. report = [[by Norman Ramsey, June 2006]],
  839. since = "Lua 5.1",
  840. example = [[
  841. a = {}
  842. a[1] = "x={1"
  843. for i = 2, 2^20 do
  844. a[i] = 1
  845. end
  846. a[#a + 1] = "}"
  847. s = table.concat(a, ",")
  848. assert(loadstring(s))()
  849. print(#x)
  850. ]],
  851. patch = [[
  852. * lparser.c:
  853. @@ -489,7 +489,7 @@
  854. static void listfield (LexState *ls, struct ConsControl *cc) {
  855. expr(ls, &cc->v);
  856. - luaY_checklimit(ls->fs, cc->na, MAXARG_Bx, "items in a constructor");
  857. + luaY_checklimit(ls->fs, cc->na, MAX_INT, "items in a constructor");
  858. cc->na++;
  859. cc->tostore++;
  860. }
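Review bot: With the limit raised to MAX_INT, the `cc->na++` that follows the check can overflow if `cc->na` is an int and luaY_checklimit lets a value equal to the limit through; neither the field's type nor the macro's comparison is visible on this page, so both need confirming. If they hold, checking against one less keeps the counter in range: `luaY_checklimit(ls->fs, cc->na, MAX_INT - 1, "items in a constructor");`.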
  861. ]],
  862. }
  863. Bug{
  864. what = [[wrong error message in some cases involving closures]],
  865. report = [[Shmuel Zeigerman, on 07/2006]],
  866. since = "Lua 5.1",
  867. example = [[
  868. local Var
  869. local function main()
  870. NoSuchName (function() Var=0 end)
  871. end
  872. main()
  873. --> lua5.1: temp:3: attempt to call upvalue 'Var' (a nil value)
  874. ]],
  875. patch = [[
  876. *ldebug.c:
  877. @@ -435,14 +435,16 @@
  878. break;
  879. }
  880. case OP_CLOSURE: {
  881. - int nup;
  882. + int nup, j;
  883. check(b < pt->sizep);
  884. nup = pt->p[b]->nups;
  885. check(pc + nup < pt->sizecode);
  886. - for (; nup>0; nup--) {
  887. - OpCode op1 = GET_OPCODE(pt->code[pc+nup]);
  888. + for (j = 1; j <= nup; j++) {
  889. + OpCode op1 = GET_OPCODE(pt->code[pc + j]);
  890. check(op1 == OP_GETUPVAL || op1 == OP_MOVE);
  891. }
  892. + if (reg != NO_REG) /* tracing? */
  893. + pc += nup; /* do not 'execute' these pseudo-instructions */
  894. break;
  895. }
  896. case OP_VARARG: {
  897. ]],
  898. }
  899. Bug{
  900. what = [[string.format("%") reads past the string]],
  901. report = [[Roberto, on 09/2006]],
  902. since = [[5.0 (at least)]],
  903. example = [[print(string.format("%"))]],
  904. patch = [[
  905. *lstrlib.c:
  906. @@ -723,7 +723,7 @@
  907. static const char *scanformat (lua_State *L, const char *strfrmt, char *form) { const char *p = strfrmt;
  908. - while (strchr(FLAGS, *p)) p++; /* skip flags */
  909. + while (*p != '\0' && strchr(FLAGS, *p) != NULL) p++; /* skip flags */
  910. if ((size_t)(p - strfrmt) >= sizeof(FLAGS))
  911. luaL_error(L, "invalid format (repeated flags)");
  912. if (isdigit(uchar(*p))) p++; /* skip width */
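Review bot: The added `*p != '\0'` guard in the flag-skipping loop is needed because strchr also matches the terminating NUL of FLAGS, so without it the loop keeps advancing past the end of the format string; the existing comment `/* skip flags */` does not say this. I would extend it, e.g. `/* skip flags; strchr matches '\0' too, so stop at end of string */`. The rest of scanformat is outside the hunk, so whether every later `p++` is similarly bounded cannot be confirmed from here.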
  913. ]],
  914. }
  915. Bug{
  916. what = [[os.date throws an error when result is the empty string]],
  917. report = [[ ]],
  918. since = [[4.0]],
  919. example = [[print(os.date(""))]],
  920. patch = [[ ]],
  921. }
  922. Bug{
  923. what = [[ ]],
  924. report = [[ ]],
  925. since = [[ ]],
  926. example = [[ ]],
  927. patch = [[ ]],
  928. }