From dcb2998aa67224f79a2c949443e16d92fac2d3b8 Mon Sep 17 00:00:00 2001
From: Roberto Ierusalimschy
Date: Wed, 22 Jun 2016 12:48:25 -0300
Subject: [PATCH] bug: expression list with four or more expressions in a 'for' loop can crash the interpreter. ('adjust_assign' must remove extra expresssions from its registers.)

---
 lparser.c | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/lparser.c b/lparser.c
index b42ab49c..2a818388 100644
--- a/lparser.c
+++ b/lparser.c
@@ -1,5 +1,5 @@
 /*
-** $Id: lparser.c,v 2.152 2016/03/07 19:25:39 roberto Exp roberto $
+** $Id: lparser.c,v 2.153 2016/05/13 19:10:16 roberto Exp roberto $
 ** Lua Parser
 ** See Copyright Notice in lua.h
 */
@@ -323,6 +323,8 @@ static void adjust_assign (LexState *ls, int nvars, int nexps, expdesc *e) {
 luaK_nil(fs, reg, extra);
 }
 }
+ if (nexps > nvars)
+ ls->fs->freereg -= nexps - nvars; /* remove extra values */
 }
 
 
@@ -1160,11 +1162,8 @@ static void assignment (LexState *ls, struct LHS_assign *lh, int nvars) {
 int nexps;
 checknext(ls, '=');
 nexps = explist(ls, &e);
- if (nexps != nvars) {
+ if (nexps != nvars)
 adjust_assign(ls, nvars, nexps, &e);
- if (nexps > nvars)
- ls->fs->freereg -= nexps - nvars; /* remove extra values */
- }
 else {
 luaK_setoneret(ls->fs, &e); /* close last expression */
 luaK_storevar(ls->fs, &lh->v, &e);
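Review bot: The register trimming added at the end of adjust_assign is now a postcondition every caller depends on, but nothing on the function states it. The bug existed precisely because that cleanup lived in only one caller. I would add a comment on the function such as `/* on return exactly 'nvars' values stay in registers; surplus expressions are dropped from 'freereg' */`. The start of adjust_assign is outside the hunk, so any existing header comment is not visible. Only `assignment` is shown losing its own adjustment, so it is worth confirming that no other caller of adjust_assign still subtracts `nexps - nvars` itself, since that would now release the registers twice and leave `freereg` too low. As a style point, the context line `luaK_nil(fs, reg, extra);` suggests a local `fs` is already in scope, so `fs->freereg -= nexps - nvars;` would read more consistently than `ls->fs->freereg`.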