BUG/MINOR: hlua: fix invalid use of lua_pop on error paths

Multiple error paths made invalid use of lua_pop():

When the stack is emptied using lua_settop(0), lua_pop() (which is
implemented as a lua_settop() macro) should not be used right after,
because it could lead to invalid reads since the stack is already empty.

Unfortunately, some remnants from initial lua stack implementation kept
doing so, resulting in haproxy crashs on some lua runtime errors paths
from time to time (ie: ERRRUN, ERRMEM).

Moreover, the extra lua_pop() instruction, even if it was safe, is totally
pointless in such case.

Removing such unsafe lua_pop() statements when we know that the stack is
already empty.

This must be backported in every stable versions.

diff --git a/src/hlua.c b/src/hlua.c
index 72081528e7c1fa8ddf32abce1432b81fb10d8b45..5e4ce69e7d95f327e4024816969f51a779540ffa 100644 (file)
--- a/src/hlua.c
+++ b/src/hlua.c
@@ -1777,7 +1777,6 @@ resume_execution:
                }
                msg = lua_tostring(lua->T, -1);
                lua_settop(lua->T, 0); /* Empty the stack. */
-               lua_pop(lua->T, 1);
                trace = hlua_traceback(lua->T, ", ");
                if (msg)
                        lua_pushfstring(lua->T, "[state-id %d] runtime error: %s from %s", lua->state_id, msg, trace);
@@ -1800,7 +1799,6 @@ resume_execution:
                }
                msg = lua_tostring(lua->T, -1);
                lua_settop(lua->T, 0); /* Empty the stack. */
-               lua_pop(lua->T, 1);
                if (msg)
                        lua_pushfstring(lua->T, "[state-id %d] message handler error: %s", lua->state_id, msg);
                else
@@ -12907,7 +12905,6 @@ int hlua_post_init_state(lua_State *L)
                                kind = "runtime error";
                        msg = lua_tostring(L, -1);
                        lua_settop(L, 0); /* Empty the stack. */
-                       lua_pop(L, 1);
                        trace = hlua_traceback(L, ", ");
                        if (msg)
                                ha_alert("Lua init: %s: '%s' from %s\n", kind, msg, trace);
@@ -12928,8 +12925,7 @@ int hlua_post_init_state(lua_State *L)
                case LUA_ERRMEM:
                        if (!kind)
                                kind = "out of memory error";
-                       lua_settop(L, 0);
-                       lua_pop(L, 1);
+                       lua_settop(L, 0); /* Empty the stack. */
                        trace = hlua_traceback(L, ", ");
                        ha_alert("Lua init: %s: %s\n", kind, trace);
                        return_status = 0;