BUG/MINOR: hlua: fix unsafe lua_tostring() usage with empty stack

Lua documentation says that lua_tostring() returns a pointer that remains
valid as long as the object is not removed from the stack.

However there are some places where we use the returned string AFTER the
corresponding object is removed from the stack. In practice this doesn't
seem to cause visible bugs (probably because the pointer remains valid
waiting for a GC cycle), but let's fix that to comply with the
documentation and avoid undefined behavior.

It should be backported in all stable versions.
Aurelien DARRAGON 2024-03-01 19:54:16 +01:00
parent 7151076522
commit 5508db9a20


@ -1821,12 +1821,15 @@ resume_execution:
break;
}
msg = lua_tostring(lua->T, -1);
lua_settop(lua->T, 0); /* Empty the stack. */
trace = hlua_traceback(lua->T, ", ");
if (msg)
lua_pushfstring(lua->T, "[state-id %d] runtime error: %s from %s", lua->state_id, msg, trace);
else
lua_pushfstring(lua->T, "[state-id %d] unknown runtime error from %s", lua->state_id, trace);
/* Move the error msg at the top and then empty the stack except last msg */
lua_insert(lua->T, -lua_gettop(lua->T));
lua_settop(lua->T, 1);
ret = HLUA_E_ERRMSG;
break;
@ -1843,11 +1846,14 @@ resume_execution:
break;
}
msg = lua_tostring(lua->T, -1);
lua_settop(lua->T, 0); /* Empty the stack. */
if (msg)
lua_pushfstring(lua->T, "[state-id %d] message handler error: %s", lua->state_id, msg);
else
lua_pushfstring(lua->T, "[state-id %d] message handler error", lua->state_id);
/* Move the error msg at the top and then empty the stack except last msg */
lua_insert(lua->T, -lua_gettop(lua->T));
lua_settop(lua->T, 1);
ret = HLUA_E_ERRMSG;
break;
@ -13039,12 +13045,13 @@ int hlua_post_init_state(lua_State *L)
if (!kind)
kind = "runtime error";
msg = lua_tostring(L, -1);
lua_settop(L, 0); /* Empty the stack. */
trace = hlua_traceback(L, ", ");
if (msg)
ha_alert("Lua init: %s: '%s' from %s\n", kind, msg, trace);
else
ha_alert("Lua init: unknown %s from %s\n", kind, trace);
lua_settop(L, 0); /* Empty the stack. */
return_status = 0;
break;
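Review bot: The comment added before `lua_insert(lua->T, -lua_gettop(lua->T));` in both resume_execution hunks says the message is moved "at the top", but index `-lua_gettop()` is absolute index 1, so the call moves the freshly pushed string to the bottom of the stack and `lua_settop(lua->T, 1)` then keeps only that slot. I would write `lua_insert(lua->T, 1);` and reword the comment to `/* msg points into the error object: keep it on the stack until lua_pushfstring() has copied it, then move the result to index 1 and drop the rest */`, so the lifetime reason for the ordering stays visible to whoever next touches this code. In hlua_post_init_state the same constraint holds for `msg` until ha_alert() has returned, and a one-line comment before the final `lua_settop(L, 0);` would record it. The enclosing blocks start and end outside the hunks, so whether hlua_traceback() leaves the error object at index -1 in place cannot be confirmed from here.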