commit abcc124df05fe19470abdb9d665160a7e3b01495
parent b4164a9aa7760be7d66f90d6af5093b9ff26fb0c
Author: Roberto Ierusalimschy <roberto@inf.puc-rio.br>
Date: Wed, 28 Nov 2007 16:27:15 -0200
BUG: lua_setfenv may crash if called over an invalid object
Diffstat:
2 files changed, 23 insertions(+), 2 deletions(-)
diff --git a/bugs b/bugs
@@ -1595,6 +1595,27 @@ ltablib.c:
}
Bug{
+what = [[lua_setfenv may crash if called over an invalid object]],
+report = [[Mike Pall, on 11/2007]],
+since = [[5.1]],
+example = [[
+> debug.setfenv(3, {})
+]],
+patch = [[
+lapi.c:
+@@ -749,7 +749,7 @@
+ res = 0;
+ break;
+ }
+- luaC_objbarrier(L, gcvalue(o), hvalue(L->top - 1));
++ if (res) luaC_objbarrier(L, gcvalue(o), hvalue(L->top - 1));
+ L->top--;
+ lua_unlock(L);
+ return res;
+]],
+}
+
+Bug{
what = [[ ]],
report = [[ , on ]],
since = [[i ]],
diff --git a/lapi.c b/lapi.c
@@ -1,5 +1,5 @@
/*
-** $Id: lapi.c,v 2.60 2007/04/17 13:19:53 roberto Exp roberto $
+** $Id: lapi.c,v 2.61 2007/08/07 16:53:40 roberto Exp roberto $
** Lua API
** See Copyright Notice in lua.h
*/
@@ -733,7 +733,7 @@ LUA_API int lua_setfenv (lua_State *L, int idx) {
res = 0;
break;
}
- luaC_objbarrier(L, gcvalue(o), hvalue(L->top - 1));
+ if (res) luaC_objbarrier(L, gcvalue(o), hvalue(L->top - 1));
L->top--;
lua_unlock(L);
return res;
