BUG/MINOR: hlua: prevent crash when loading numerous arguments using lua-load(per...

When providing multiple optional arguments with lua-load or
lua-load-per-thread directives, arguments where pushed 1 by 1
to the stack using lua_pushstring() without checking if the stack
could handle it.

This could easily lead to program crash when providing too much
arguments. I can easily reproduce the crash starting from ~50 arguments.

Calling lua_checkstack() before pushing to the stack fixes the crash:
  According to lua.org, lua_checkstack() does some housekeeping and
  allow the stack to be expanded as long as some memory is available
  and the hard limit isn't reached.
  When no memory is available to expand the stack or the limit is reached,
  lua_checkstacks returns an error: in this case we force hlua_load_state()
  to return a meaningfull error instead of crashing.
  In practice though, cfgparse complains about too many words
  way before such event may occur on a normal system.

  TLDR: the ~50 arguments limitation is not an issue anymore.

No backport needed, except if 'MINOR: hlua: Allow argument on
lua-lod(-per-thread) directives' (ae6b568) is backported.

diff --git a/src/hlua.c b/src/hlua.c
index 2f6ed27384fe0f9e3b55fe93389fbd21fb380f3d..a64dcec7d9754f01bf4552ba6b357365b62c336d 100644 (file)
--- a/src/hlua.c
+++ b/src/hlua.c
@@ -11274,6 +11274,11 @@ static int hlua_load_state(char **args, lua_State *L, char **err)
 
        /* Push args in the Lua stack, except the first one which is the filename */
        for (nargs = 1; *(args[nargs]) != 0; nargs++) {
+               /* Check stack size. */
+               if (!lua_checkstack(L, 1)) {
+                       memprintf(err, "Lua runtime error while loading arguments: stack is full.");
+                       return -1;
+               }
                lua_pushstring(L, args[nargs]);
        }
        nargs--;