From 75ea9ccbea7c4886f30da147fb67b693b2624c26 Mon Sep 17 00:00:00 2001 From: Roberto Ierusalimschy Date: Tue, 18 Aug 2020 14:48:43 -0300 Subject: Fixed bug of long strings in binary chunks When "undumping" a long string, the function 'LoadVector' can call the reader function, which can run the garbage collector, which can collect the string being read. So, the string must be anchored during the call to 'LoadVector'. (This commit also fixes the identation in 'l_alloc'.) --- lauxlib.c | 8 ++++---- lundump.c | 10 +++++++--- 2 files changed, 11 insertions(+), 7 deletions(-) diff --git a/lauxlib.c b/lauxlib.c index 097c3cf3..ac68bd32 100644 --- a/lauxlib.c +++ b/lauxlib.c @@ -1013,10 +1013,10 @@ static void *l_alloc (void *ud, void *ptr, size_t osize, size_t nsize) { } else { /* cannot fail when shrinking a block */ void *newptr = realloc(ptr, nsize); - if (newptr == NULL && ptr != NULL && nsize <= osize) - return ptr; /* keep the original block */ - else /* no fail or not shrinking */ - return newptr; /* use the new block */ + if (newptr == NULL && ptr != NULL && nsize <= osize) + return ptr; /* keep the original block */ + else /* no fail or not shrinking */ + return newptr; /* use the new block */ } } diff --git a/lundump.c b/lundump.c index b75e10af..edf9eb8d 100644 --- a/lundump.c +++ b/lundump.c @@ -86,6 +86,7 @@ static lua_Integer LoadInteger (LoadState *S) { static TString *LoadString (LoadState *S, Proto *p) { + lua_State *L = S->L; size_t size = LoadByte(S); TString *ts; if (size == 0xFF) @@ -95,13 +96,16 @@ static TString *LoadString (LoadState *S, Proto *p) { else if (--size <= LUAI_MAXSHORTLEN) { /* short string? */ char buff[LUAI_MAXSHORTLEN]; LoadVector(S, buff, size); - ts = luaS_newlstr(S->L, buff, size); + ts = luaS_newlstr(L, buff, size); } else { /* long string */ - ts = luaS_createlngstrobj(S->L, size); + ts = luaS_createlngstrobj(L, size); + setsvalue2s(L, L->top, ts); /* anchor it ('loadVector' can GC) */ + luaD_inctop(L); LoadVector(S, getstr(ts), size); /* load directly in final place */ + L->top--; /* pop string */ } - luaC_objbarrier(S->L, p, ts); + luaC_objbarrier(L, p, ts); return ts; } -- cgit v1.2.1