Commit Graph

164 Commits

Author SHA1 Message Date
Roberto Ierusalimschy cfd7bc478f better patch for buffer overflow error 2004-11-03 10:22:39 -02:00
Roberto Ierusalimschy 271e05917f bug: lua_getupvalue and setupvalue do not check for index too small. 2004-08-17 14:45:45 -03:00
Roberto Ierusalimschy 9b854e6dbc BUG: string concatenation may cause arithmetic overflow, leading
to a buffer overflow.
2004-06-08 13:23:58 -03:00
Roberto Ierusalimschy 8e1f25e3f8 bug in `dofile' 2004-03-15 18:09:55 -03:00
Roberto Ierusalimschy a41d60e1d1 debugger can only see `local function' after it has a meaningful value 2003-10-09 14:56:23 -03:00
Roberto Ierusalimschy 21947deddc new bug + correction in path for coroutine bug 2003-10-07 09:34:21 -03:00
Roberto Ierusalimschy 5d4bf35ec9 bug: syntax `local function' does not increment stack size 2003-09-29 13:41:35 -03:00
Roberto Ierusalimschy 994a37c8e8 IBM AS400 (OS400) has sizeof(void *)==16, and a `%p' may generate
up to 60 characters in a `printf'. That causes a buffer overflow in
`tostring'..
2003-08-29 13:50:02 -03:00
Roberto Ierusalimschy d66198719d several bugs for Lua 5.0 + new format for bug entries 2003-07-29 16:27:46 -03:00
Roberto Ierusalimschy b518d14071 bug: zio mixes a 255 as first char in a buffer with EOZ 2003-03-20 13:00:56 -03:00
Roberto Ierusalimschy 69dd9461e5 bug: GC metamethod calls could mess C/Lua stack syncronization 2003-02-28 16:45:15 -03:00
Roberto Ierusalimschy feb724c122 ULONG_MAX>>10 may not fit into an int (old bug) 2003-02-21 16:00:14 -03:00
Roberto Ierusalimschy e44e579dc1 bug: luaD_protectedparser must protect its garbage collection too 2003-01-23 09:31:38 -02:00
Roberto Ierusalimschy 75f73172c4 bug: `resume' was checking the wrong value for stack overflow 2002-12-20 07:55:56 -02:00
Roberto Ierusalimschy cc4a22ebe2 bug: scope of generic for variables is not sound 2002-12-06 15:09:00 -02:00
Roberto Ierusalimschy beeff4ccaf GC metamethod stored in a weak metatable being collected together with
userdata may not be cleared properly
2002-08-30 16:08:30 -03:00
Roberto Ierusalimschy 6de93e2932 two new bugs in 4.0 :-( (both were already corrected in 5.0 :-) 2002-06-25 16:23:55 -03:00
Roberto Ierusalimschy 9d2e454d6f BUG: seg. fault when rawget/rawset get extra arguments 2001-12-21 15:30:31 -02:00
Roberto Ierusalimschy a3d03ff6b6 bug: error message for `%a' gave wrong line number 2001-07-10 17:02:22 -03:00
Roberto Ierusalimschy d444153dbe ESC (which starts precompiled code) in C is \33, not \27 2001-02-06 11:59:29 -02:00
Roberto Ierusalimschy 42224ca553 loop of 'dostring' may never reclaim memory 2001-02-02 14:23:20 -02:00
Roberto Ierusalimschy 6858763994 bug in lua_pushuserdata(L, NULL) 2001-02-01 11:56:49 -02:00
Roberto Ierusalimschy 6af005ec20 bug: when `read' fails it must return nil (and not no value) 2000-12-22 15:32:28 -02:00
Roberto Ierusalimschy fc7b167ae0 BUG: parser does not accept a `;' after a `return' 2000-11-29 09:57:42 -02:00
Roberto Ierusalimschy 89f98c0995 in function `read_file', realloc() doesn't free the buffer if it can't
allocate new memory
2000-10-26 10:53:55 -02:00
Roberto Ierusalimschy 282ab366f4 bug: parser overwrites semantic information when looking ahead 2000-09-27 14:41:58 -03:00
Roberto Ierusalimschy 444d6a106b lua_tag should return LUA_NOTAG for non-valid indices 2000-09-27 09:51:39 -03:00
Roberto Ierusalimschy c9c6f9747c GC may crash when checking C closures 2000-09-25 11:52:10 -03:00
Roberto Ierusalimschy c2aa7bd72d bug: lua_gettable does not get key from stack top 2000-09-25 11:48:42 -03:00
Roberto Ierusalimschy f9dd50cefc `read("*w")' should return nil at EOF 2000-09-22 15:14:06 -03:00
Roberto Ierusalimschy 48a968e6b5 gc tag method for nil could call line hook 2000-08-29 16:00:57 -03:00
Roberto Ierusalimschy 677313da32 bug: record-constructor starting with an upvalue name gets an error 2000-05-24 15:04:17 -03:00
Roberto Ierusalimschy 843f84f4ce first element in a list constructor is not adjusted to one value. 2000-05-12 15:12:04 -03:00
Roberto Ierusalimschy fe5c37ae95 BUG: `strfind' gets wrong subject length when there is an offset 2000-05-02 15:32:22 -03:00
Roberto Ierusalimschy b9c98cd4d9 entry for new version (4.0a) 2000-04-25 13:45:39 -03:00
Roberto Ierusalimschy e30327728c BUG: tostring() without arguments gives seg. fault. 2000-04-03 10:20:33 -03:00
Roberto Ierusalimschy 1780e2c977 lua_settable should check stack space (it could call a T.M.) 2000-03-02 09:44:29 -03:00
Roberto Ierusalimschy b3aaa048b0 bug: cannot reopen stdin (for binary mode) 1999-12-30 16:40:57 -02:00
Roberto Ierusalimschy 4d1b815b60 return gives wrong line in debug information. 1999-12-29 16:07:10 -02:00
Roberto Ierusalimschy a6755e2f1a BUG: `strfind' does not handle \0 in plain search. 1999-11-11 14:45:04 -02:00
Roberto Ierusalimschy ae3ecc2d4a tonumber'e1' and tonumber(' ', x), for x!=10, gave 0 instead of nil. 1999-09-08 17:45:18 -03:00
Roberto Ierusalimschy 7d365a5c7a in the (old) expression << ls->fs->f->consts[checkname(ls)] >>, checkname
could realloc f->consts.
1999-09-02 10:13:22 -03:00
Roberto Ierusalimschy 2a03170ebd random(0) and random(x,0) are wrong (0 is read as no argument!). 1999-08-18 11:40:51 -03:00
Roberto Ierusalimschy d4dce57f5c cannot assign to unlimited variables, because it causes overflow in
the number of returns of a function.
1999-06-16 10:35:01 -03:00
Roberto Ierusalimschy 3b533ea7c7 foreach, foreachi, foreachvar points to function in stack when stack
can be reallocated.
1999-05-24 14:53:49 -03:00
Roberto Ierusalimschy cc0f635ef7 '$' at end of pattern was matching regular '$', too. 1999-04-30 11:12:05 -03:00
Roberto Ierusalimschy 6233d21c9d file stream cannot call fread after EOF. 1999-03-04 11:50:26 -03:00
Roberto Ierusalimschy 1dcf1c9cbd format "%s" may break limit of "sprintf" on some machines. 1999-02-04 17:29:51 -02:00
Roberto Ierusalimschy 80001ab0eb getlocal cannot return the local itself, since lua_isstring and
lua_isnumber can modify it.
1999-02-03 14:42:42 -02:00
Roberto Ierusalimschy b94110a68f bug: "format" does not check size of format item (such as "%00000...00000d"). 1999-01-04 10:53:24 -02:00
Roberto Ierusalimschy 0c9080c7a9 "tonumber" goes crazy with negative numbers in other bases (not 10),
because "strtol" returns long, not unsigned long.
1998-12-18 11:26:43 -02:00
Roberto Ierusalimschy a84bca67fc bug: gsub/strfind do not check whether captures are properly finished. 1998-11-10 17:38:12 -02:00
Roberto Ierusalimschy ce9609296c function "luaL_argerror" prints wrong argument number (from a user's point
of view) when functions have upvalues.
1998-09-07 15:59:59 -03:00
Roberto Ierusalimschy da252eeff7 arguments for "format" 'x', 'X', 'o' and 'u' must be unsigned int. 1998-05-18 19:21:55 -03:00
Roberto Ierusalimschy be6d215f67 BUG: gsub('a', '(b?)%1*' ...) loops (because the capture is empty). 1998-03-09 15:28:08 -03:00
Roberto Ierusalimschy 6cdf0d8768 tables can become full of "emptys" slots, and keep growing without limits. 1998-01-28 14:50:33 -02:00
Roberto Ierusalimschy b3b7cf7335 BUG: "lua_getstring" may create a new string, so should check GC 1998-01-27 17:13:45 -02:00
Roberto Ierusalimschy 8622dc18bf bug: format size limits with little problems 1998-01-27 17:11:36 -02:00
Roberto Ierusalimschy d22e2644dd wrong line number (+1) in error report when file starts with "#..." 1998-01-19 18:18:02 -02:00
Roberto Ierusalimschy d49e4dd752 MAX_WORD should not be bigger than MAX_INT 1998-01-19 17:49:22 -02:00
Roberto Ierusalimschy 5d89dad9b8 bug log 1997-12-02 10:46:15 -02:00
Roberto Ierusalimschy 72a1d81b51 bug: lua_getlocal breaks when called with a CFunction. 1997-07-29 18:11:10 -03:00
Roberto Ierusalimschy 0600f968c3 BUG: LUA_COMPAT2_5 written wrong... 1997-07-29 10:35:06 -03:00
Roberto Ierusalimschy 971b1d557d bug log. Most of the log is done automatically by RCS, and not in
the file itself :-)
1997-07-29 10:34:15 -03:00