0012-fix-loop-parser.patch
815 Bytes
Expression list with four or more expressions in a 'for' loop can crash the interpreter.
Fetch from: https://www.lua.org/bugs.html#5.3.3-1
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
--- a/src/lparser.c
+++ b/src/lparser.c
@@ -323,6 +323,8 @@
luaK_nil(fs, reg, extra);
}
}
+ if (nexps > nvars)
+ ls->fs->freereg -= nexps - nvars; /* remove extra values */
}
@@ -1160,11 +1162,8 @@
int nexps;
checknext(ls, '=');
nexps = explist(ls, &e);
- if (nexps != nvars) {
+ if (nexps != nvars)
adjust_assign(ls, nvars, nexps, &e);
- if (nexps > nvars)
- ls->fs->freereg -= nexps - nvars; /* remove extra values */
- }
else {
luaK_setoneret(ls->fs, &e); /* close last expression */
luaK_storevar(ls->fs, &lh->v, &e);
--