From 3b5b14a0852a911a299d97c91e09da52f66ea23d Mon Sep 17 00:00:00 2001
From: Roberto Ierusalimschy
Date: Mon, 11 Feb 2008 17:18:21 -0200
Subject: [PATCH] LUAI_MAXCSTACK must be smaller than -LUA_REGISTRYINDEX + coroutine.resume pushes element without ensuring stack size
---
 bugs | 55 ++++++++++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 54 insertions(+), 1 deletion(-)
diff --git a/bugs b/bugs
index 8943a56b..76453a2c 100644
--- a/bugs
+++ b/bugs
@@ -1645,7 +1645,7 @@ a = coroutine.create(function() yield() end)
 coroutine.resume(a)
 debug.sethook(a) -- may overflow the stack of 'a'
 ]],
-patch = [[ ]],
+patch = [[
 ldblib.c:
 @@ -268,12 +268,11 @@
 count = luaL_optint(L, arg+3, 0);
@@ -1680,6 +1680,59 @@ ldblib.c:
 }
 lua_pushstring(L, unmakemask(mask, buff));
 lua_pushinteger(L, lua_gethookcount(L1));
+]]
+}
+
+
+
+-----------------------------------------------------------------
+-- Lua 5.1.3
+
+Bug{
+what = [[LUAI_MAXCSTACK must be smaller than -LUA_REGISTRYINDEX]],
+report = [[Patrick Donnell, on 2008/02/11]],
+since = [[5.1.3]],
+example = [[
+j = 1e4
+co = coroutine.create(function()
+ t = {}
+ for i = 1, j do t[i] = i end
+ return unpack(t)
+end)
+print(coroutine.resume(co))
+]],
+patch = [[
+luaconf.h:
+443c443,444
+< ** functions to consume unlimited stack space.
+---
+> ** functions to consume unlimited stack space. (must be smaller than
+> ** -LUA_REGISTRYINDEX)
+445,446c446
+< #define LUAI_MCS_AUX ((int)(INT_MAX / (4*sizeof(LUA_NUMBER))))
+< #define LUAI_MAXCSTACK (LUAI_MCS_AUX > SHRT_MAX ? SHRT_MAX : LUAI_MCS_AUX)
+---
+> #define LUAI_MAXCSTACK 8000
+]],
+}
+
+Bug{
+what = [[coroutine.resume pushes element without ensuring stack size]],
+report = [[on 2008/02/11]],
+since = [[5.0]],
+example = [[(this bug cannot be detected without internal assertions)]],
+patch = [[
+lbaselib.c:
+@@ -526,7 +526,7 @@
+ status = lua_resume(co, narg);
+ if (status == 0 || status == LUA_YIELD) {
+ int nres = lua_gettop(co);
+- if (!lua_checkstack(L, nres))
++ if (!lua_checkstack(L, nres + 1))
+ luaL_error(L, "too many results to resume");
+ lua_xmove(co, L, nres); /* move yielded values */
+ return nres;
+]],
 }
 Bug{
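Review bot: The new LUAI_MAXCSTACK entry states the limit only as a comment inside its luaconf.h patch ("must be smaller than -LUA_REGISTRYINDEX"), so nothing in the entry warns a maintainer whose build redefines `LUAI_MAXCSTACK` that the value must be re-checked against that bound. I would add a line to the entry such as `-- builds that redefine LUAI_MAXCSTACK must keep it below -LUA_REGISTRYINDEX`, and, if the sources allow it, back the comment with a compile-time check at a point where both macros are visible. The same patch is recorded in normal-diff form (`443c443,444`) with no context lines, unlike the unified lbaselib.c patch in the next entry, so it presumably applies cleanly only to an unmodified luaconf.h; unified form would be more robust. In the second entry, `report = [[on 2008/02/11]]` names no reporter, and the patch text does not say which push needs the extra slot behind `nres + 1`; a one-line comment there would help anyone auditing the fix.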