bug: compiler could optimize away overflow check (+ changing indices

from 'int' to 'lua_Integer')
2014-04-01 15:50:34 -03:00 · 2014-04-01 15:50:34 -03:00 · 315c5bf7b7
parent 607be77ec8
commit 315c5bf7b7
1 changed files with 12 additions and 9 deletions
--- a/ltablib.c
+++ b/ltablib.c
@ -1,10 +1,11 @@
 /*
-** $Id: ltablib.c,v 1.65 2013/03/07 18:17:24 roberto Exp roberto $
+** $Id: ltablib.c,v 1.66 2014/03/21 13:52:33 roberto Exp roberto $
 ** Library for Table Manipulation
 ** See Copyright Notice in lua.h
 */


+#include <limits.h>
 #include <stddef.h>

 #define ltablib_c
@ -134,17 +135,19 @@ static int pack (lua_State *L) {


 static int unpack (lua_State *L) {
-  int i, e, n;
+  lua_Integer i, e;
+  lua_Unsigned n;
  luaL_checktype(L, 1, LUA_TTABLE);
-  i = luaL_optint(L, 2, 1);
-  e = luaL_opt(L, luaL_checkint, 3, luaL_len(L, 1));
+  i = luaL_optinteger(L, 2, 1);
+  e = luaL_opt(L, luaL_checkinteger, 3, luaL_len(L, 1));
  if (i > e) return 0;  /* empty range */
-  n = e - i + 1;  /* number of elements */
-  if (n <= 0 || !lua_checkstack(L, n))  /* n <= 0 means arithmetic overflow */
+  n = (lua_Unsigned)e - i;  /* number of elements minus 1 (avoid overflows) */
+  if (n >= (lua_Unsigned)INT_MAX  || !lua_checkstack(L, ++n))
    return luaL_error(L, "too many results to unpack");
-  lua_rawgeti(L, 1, i);  /* push arg[i] (avoiding overflow problems) */
-  while (i++ < e)  /* push arg[i + 1...e] */
-    lua_rawgeti(L, 1, i);
+  do {  /* must have at least one element */
+    lua_rawgeti(L, 1, i);  /* push arg[i..e] */
+  } while (i++ < e); 
+
  return n;
 }