From 4d7aefeee19060c37b0ed4d9d77b147a0408b0ca Mon Sep 17 00:00:00 2001
From: Aurelien DARRAGON
Date: Fri, 23 Sep 2022 10:22:14 +0200
Subject: [PATCH] BUG/MINOR: hlua: prevent crash when loading numerous arguments using lua-load(per-thread)

When providing multiple optional arguments with lua-load or lua-load-per-thread directives, arguments were pushed 1 by 1 to the stack using lua_pushstring() without checking if the stack could handle it.

This could easily lead to a program crash when providing too many arguments. I can easily reproduce the crash starting from ~50 arguments.

Calling lua_checkstack() before pushing to the stack fixes the crash: According to lua.org, lua_checkstack() does some housekeeping and allows the stack to be expanded as long as some memory is available and the hard limit isn't reached.

When no memory is available to expand the stack or the limit is reached, lua_checkstack() returns an error: in this case we force hlua_load_state() to return a meaningful error instead of crashing.

In practice though, cfgparse complains about too many words way before such an event may occur on a normal system.

TLDR: the ~50 arguments limitation is not an issue anymore.

No backport needed, except if 'MINOR: hlua: Allow argument on lua-lod(-per-thread) directives' (ae6b568) is backported.

--- src/hlua.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/hlua.c b/src/hlua.c index 2f6ed2738..a64dcec7d 100644 --- a/src/hlua.c +++ b/src/hlua.c @@ -11274,6 +11274,11 @@ static int hlua_load_state(char **args, lua_State *L, char **err) /* Push args in the Lua stack, except the first one which is the filename */ for (nargs = 1; *(args[nargs]) != 0; nargs++) { + /* Check stack size. */ + if (!lua_checkstack(L, 1)) { + memprintf(err, "Lua runtime error while loading arguments: stack is full."); + return -1; + } lua_pushstring(L, args[nargs]); } nargs--;
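Review bot: The early `return -1` inside the argument loop of hlua_load_state() exits after earlier iterations have already called `lua_pushstring()`, so on failure the strings pushed so far stay on the Lua stack of `L`. If the caller can keep using that state after an error, consider counting the arguments first and calling `lua_checkstack(L, nargs)` once before the loop, so the function fails before anything is pushed and the per-iteration check goes away. The error text would also be easier to act on if it named the argument index at which the check failed, since "stack is full" covers both cases the commit message describes (no memory left to grow the stack, and the hard limit reached).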