From 364e569945c044fd18c70ee1bc851364534aef97 Mon Sep 17 00:00:00 2001 From: Roberto Ierusalimschy Date: Tue, 9 Jun 2020 16:12:01 -0300 Subject: [PATCH] Avoid calling 'fprintf' with NULL MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Avoid undefined behavior in calls like «fprintf("%s", NULL)». ('lua_writestringerror' is implemented as 'fprintf', and 'lua_tostring' can return NULL if object is not a string.) --- lauxlib.c | 4 +++- ldblib.c | 2 +- ltests.c | 4 +++- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/lauxlib.c b/lauxlib.c index e6d74168..e3d9be37 100644 --- a/lauxlib.c +++ b/lauxlib.c @@ -995,8 +995,10 @@ static void *l_alloc (void *ud, void *ptr, size_t osize, size_t nsize) { static int panic (lua_State *L) { + const char *msg = lua_tostring(L, -1); + if (msg == NULL) msg = "error object is not a string"; lua_writestringerror("PANIC: unprotected error in call to Lua API (%s)\n", - lua_tostring(L, -1)); + msg); return 0; /* return to Lua to abort */ } diff --git a/ldblib.c b/ldblib.c index 745cfd27..59eb8f0e 100644 --- a/ldblib.c +++ b/ldblib.c @@ -417,7 +417,7 @@ static int db_debug (lua_State *L) { return 0; if (luaL_loadbuffer(L, buffer, strlen(buffer), "=(debug command)") || lua_pcall(L, 0, 0, 0)) - lua_writestringerror("%s\n", lua_tostring(L, -1)); + lua_writestringerror("%s\n", luaL_tolstring(L, -1, NULL)); lua_settop(L, 0); /* remove eventual returns */ } } diff --git a/ltests.c b/ltests.c index 7e6d8610..314505c3 100644 --- a/ltests.c +++ b/ltests.c @@ -73,8 +73,10 @@ static void badexit (const char *fmt, const char *s1, const char *s2) { static int tpanic (lua_State *L) { + const char *msg = lua_tostring(L, -1); + if (msg == NULL) msg = "error object is not a string"; return (badexit("PANIC: unprotected error in call to Lua API (%s)\n", - lua_tostring(L, -1), NULL), + msg, NULL), 0); /* do not return to Lua */ }