mirror of https://github.com/mpv-player/mpv synced 2025-01-10 00:49:32 +00:00
mpv/player
Avi Halachmi (:avih) 32e851d2bc lua: makenode: prevent lua stack corruption
Normally there was no issue, but when the code converted a deeply
nested table into an mpv node - it didn't ensure the stack has room.

Lua doesn't check stack overflow when invoking lua_push* functions,
and leaves this responsibility to the (c) user via lua_checkstack.

Normally that's not an issue because when a lua (or autofree) function
is called, it's guaranteed at least LUA_MINSTACK (20) pushes.

However, pushnode and makenode are recursive, and each iteration can
add a few values to the stack (which are popped when the recursion
unwinds), so checkstack must be used on (recursive) entry.

pushnode already checked the stack, makenode did not.

This commit checks the stack at makenode as well. The value of 6
(stack places to reserve) is with some room to spare, and in practice
each iteration needs 2-3 at most (pushnode also leaves room).

Example which could previously corrupt the stack:
  utils.format_json({d1={d2={<8 more times>}}}

This uses makenode to convert the lua table into an mpv node which
the json writer uses as input, and if the depth is 10 or more then
corruption could occur. mp.command_native is also affected, as well as
any other mp/utils command which takes a lua table as input.

While at it, fix the error string which pushnode used (luaL_checkstack
uses the provided string with "Stack overflow (%s)", so the user
message only needs to be additional info).
2021-10-20 12:07:30 +03:00
javascript js: custom-init: use ~~/init.js instead of ~~/.init.js (dot) 2021-10-19 15:43:39 +03:00
lua osc.lua: avoid infinite ticks loop on idle 2021-10-03 19:52:58 +03:00
audio.c audio: check ao driver init failure to avoid use after free 2021-07-13 15:16:59 +00:00
client.c client API: inactivate the opengl_cb API 2020-09-03 14:52:11 +02:00
client.h scripting: remove race condition when toggling internal scripts 2020-03-26 23:59:44 +01:00
command.c command: with lavfi-complex, make current-tracks return the first one 2021-10-15 15:11:00 +00:00
command.h command: add internal INPUT_PROCESSED event 2020-11-16 20:29:58 +02:00
configfiles.c options: add watch-later-options 2021-07-21 13:19:28 +00:00
core.h player: add track-list/N/image sub-property 2021-10-14 15:39:07 +00:00
external_files.c player: eac3 to the whitelist of audio extensions 2021-07-30 08:20:22 -05:00
external_files.h player: add automatic loading of external cover art files 2020-09-28 00:12:52 +02:00
javascript.c js: fix tiny leaks if js_try throws(!) 2021-07-23 17:50:24 +03:00
loadfile.c player: add track-list/N/image sub-property 2021-10-14 15:39:07 +00:00
lua.c lua: makenode: prevent lua stack corruption 2021-10-20 12:07:30 +03:00
main.c options: add watch-later-options 2021-07-21 13:19:28 +00:00
misc.c audio: refactor how data is passed to AO 2020-08-29 13:12:32 +02:00
osd.c player: add --term-title option 2020-05-25 20:39:37 +02:00
playloop.c player: fix missed pause state update during reset in some cases 2021-07-18 12:22:55 +02:00
screenshot.c screenshot: add --screenshot-sw option 2020-10-05 00:16:46 +02:00
screenshot.h
scripting.c player/scripting: fix use-after-free when loading script folders 2021-04-08 23:47:35 +03:00
sub.c sub: align ytdl-hook secondary subs to the top 2021-08-11 18:15:35 +00:00
video.c sub: show subs without duration on vid change 2021-08-13 17:16:43 +00:00