commit 994a37c8e88d090421afb7ca639f01f868708452
parent 0ff1596476f7e3f65cd5505d148d43baf58fbaac
Author: Roberto Ierusalimschy <roberto@inf.puc-rio.br>
Date: Fri, 29 Aug 2003 13:49:40 -0300
IBM AS400 (OS400) has sizeof(void *)==16, and a `%p' may generate
up to 60 characters in a `printf'. That causes a buffer overflow in
`tostring'..
Diffstat:
M | bugs | | | 28 | ++++++++++++++++++++++++++-- |
1 file changed, 26 insertions(+), 2 deletions(-)
diff --git a/bugs b/bugs
@@ -445,13 +445,13 @@ for i=1,10000000 do
end
]],
patch = [[
-*lgc.h:
+* lgc.h:
18c18
< void luaC_separateudata (lua_State *L);
---
> size_t luaC_separateudata (lua_State *L);
-*lgc.c:
+* lgc.c:
113c113,114
< void luaC_separateudata (lua_State *L) {
---
@@ -489,4 +489,28 @@ patch = [[
---
> checkSizes(L, deadmem);
]]
+}
+
+Bug{
+what=[[IBM AS400 (OS400) has sizeof(void *)==16, and a `%p' may generate
+up to 60 characters in a `printf'. That causes a buffer overflow in
+`tostring'.]],
+report = [[David Burgess, 25/08/2003]],
+
+example = [[print{}; (in an AS400 machine)]],
+
+patch = [[
+* liolib.c:
+178c178
+< char buff[32];
+---
+> char buff[128];
+
+* lbaselib.c:
+327c327
+< char buff[64];
+---
+> char buff[128];
+]]
+}