]> git.ipfire.org Git - thirdparty/LuaJIT.git/commitdiff
projects / thirdparty / LuaJIT.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 45a7e50)
Fix embedded bytecode loader.
authorMike Pall <mike>
Mon, 13 Jan 2020 13:28:43 +0000 (14:28 +0100)
committerMike Pall <mike>
Mon, 13 Jan 2020 13:28:43 +0000 (14:28 +0100)
src/lj_bcread.c patch | blob | blame | history
src/lj_lex.c patch | blob | blame | history
src/lj_lex.h patch | blob | blame | history

diff --git a/src/lj_bcread.c b/src/lj_bcread.c
index 6a462bd6deb840c624c7a1e4e2cc1d052e5cbfa1..62695ef40dcabec904b4d030e5784ea478fd417f 100644 (file)
--- a/src/lj_bcread.c
+++ b/src/lj_bcread.c
@@ -80,6 +80,7 @@ static LJ_NOINLINE void bcread_fill(LexState *ls, MSize len, int need)
       ls->current = -1;  /* Only bad if we get called again. */
       break;
     }
+    if (size >= LJ_MAX_MEM - ls->sb.n) lj_err_mem(ls->L);
     if (ls->sb.n) {  /* Append to buffer. */
       MSize n = ls->sb.n + (MSize)size;
       bcread_resize(ls, n < len ? len : n);
@@ -467,7 +468,7 @@ GCproto *lj_bcread(LexState *ls)
     setprotoV(L, L->top, pt);
     incr_top(L);
   }
-  if ((int32_t)ls->n > 0 || L->top-1 != bcread_oldtop(L, ls))
+  if ((ls->n && !ls->endmark) || L->top-1 != bcread_oldtop(L, ls))
     bcread_error(ls, LJ_ERR_BCBAD);
   /* Pop off last prototype. */
   L->top--;
diff --git a/src/lj_lex.c b/src/lj_lex.c
index 1d063f8f977e76bbfc3f154ddc3efce67f186540..ecfcc01557a422b09a4846fd5cc6b3f9a12ca458 100644 (file)
--- a/src/lj_lex.c
+++ b/src/lj_lex.c
@@ -49,6 +49,10 @@ static int fillbuf(LexState *ls)
   size_t sz;
   const char *buf = ls->rfunc(ls->L, ls->rdata, &sz);
   if (buf == NULL || sz == 0) return END_OF_STREAM;
+  if (sz >= LJ_MAX_MEM) {
+    if (sz != ~(size_t)0) lj_err_mem(ls->L);
+    ls->endmark = 1;
+  }
   ls->n = (MSize)sz - 1;
   ls->p = buf;
   return char2int(*(ls->p++));
@@ -382,6 +386,7 @@ int lj_lex_setup(lua_State *L, LexState *ls)
   ls->lookahead = TK_eof;  /* No look-ahead token. */
   ls->linenumber = 1;
   ls->lastline = 1;
+  ls->endmark = 0;
   lj_str_resizebuf(ls->L, &ls->sb, LJ_MIN_SBUF);
   next(ls);  /* Read-ahead first char. */
   if (ls->current == 0xef && ls->n >= 2 && char2int(ls->p[0]) == 0xbb &&
diff --git a/src/lj_lex.h b/src/lj_lex.h
index 41c03f934e5519e0fe397291f809d17a43cd1120..f2346593f53208ae0cf469ccf18d62d81e7929f7 100644 (file)
--- a/src/lj_lex.h
+++ b/src/lj_lex.h
@@ -72,6 +72,7 @@ typedef struct LexState {
   BCInsLine *bcstack;  /* Stack for bytecode instructions/line numbers. */
   MSize sizebcstack;   /* Size of bytecode stack. */
   uint32_t level;      /* Syntactical nesting level. */
+  int endmark;         /* Trust bytecode end marker, even if not at EOF. */
 } LexState;
 
 LJ_FUNC int lj_lex_setup(lua_State *L, LexState *ls);
Mirror of https://github.com/LuaJIT/LuaJIT.git