IBM AS400 (OS400) has sizeof(void *)==16, and a `%p' may generate up to 60 characters in a `printf'. That causes a buffer overflow in `tostring'.. - lua

commit 994a37c8e88d090421afb7ca639f01f868708452
parent 0ff1596476f7e3f65cd5505d148d43baf58fbaac
Author: Roberto Ierusalimschy <roberto@inf.puc-rio.br>
Date:   Fri, 29 Aug 2003 13:49:40 -0300

IBM AS400 (OS400) has sizeof(void *)==16, and a `%p' may generate
up to 60 characters in a `printf'. That causes a buffer overflow in
`tostring'..

Diffstat:
M bugs  | 28 ++++++++++++++++++++++++++--

1 file changed, 26 insertions(+), 2 deletions(-)
diff --git a/bugs b/bugs
@@ -445,13 +445,13 @@ for i=1,10000000 do
 end
 ]],
 patch = [[
-*lgc.h:
+* lgc.h:
 18c18
 < void luaC_separateudata (lua_State *L);
 ---
 > size_t luaC_separateudata (lua_State *L);
 
-*lgc.c:
+* lgc.c:
 113c113,114
 < void luaC_separateudata (lua_State *L) {
 ---
@@ -489,4 +489,28 @@ patch = [[
 ---
 >   checkSizes(L, deadmem);
 ]]
+}
+
+Bug{
+what=[[IBM AS400 (OS400) has sizeof(void *)==16, and a `%p' may generate
+up to 60 characters in a `printf'. That causes a buffer overflow in
+`tostring'.]],
 
+report = [[David Burgess, 25/08/2003]],
+
+example = [[print{}; (in an AS400 machine)]],
+
+patch = [[
+* liolib.c:
+178c178
+<   char buff[32];
+---
+>   char buff[128];
+
+* lbaselib.c:
+327c327
+<   char buff[64];
+---
+>   char buff[128];
+]]
+}

	lua A copy of the Lua development repository
	Log \| Files \| Refs \| README