Nmap Development mailing list archives

possible bug in liblua/lparser.c


From: Vita Cizek <vcizek () suse cz>
Date: Fri, 3 Dec 2010 09:35:44 +0100

Hi,
This appears in both 5.21 and devel versions.
In liblua/lparser.c, close_func():

The fs pointer points to valid memory; it is dereferenced in
a few places, thus it can't be NULL at the test point, I guess.

static void close_func (LexState *ls) {
  lua_State *L = ls->L;
  FuncState *fs = ls->fs;
  Proto *f = fs->f;        <-- first dereferenced here

...

  ls->fs = fs->prev;
  L->top -= 2;  /* remove table and prototype from the stack */
  /* last token read was anchored in defunct function; must reanchor it */
  if (fs) anchor_token(ls);       <-- this NULL test
}


--
Vitezslav Cizek
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
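
One way to flag the pattern reported above, a NULL test on a pointer that was already dereferenced earlier in the same function. This is an added example, not part of the original message and not Nmap or Lua code; it is a line-based heuristic, the name null_tests_after_deref is hypothetical, and the input is close_func() as quoted in the message with the "<--" annotations removed.

```python
import re

# close_func() as quoted in the message above ("<--" annotations removed).
SNIPPET = """\
static void close_func (LexState *ls) {
  lua_State *L = ls->L;
  FuncState *fs = ls->fs;
  Proto *f = fs->f;

...

  ls->fs = fs->prev;
  L->top -= 2;  /* remove table and prototype from the stack */
  /* last token read was anchored in defunct function; must reanchor it */
  if (fs) anchor_token(ls);
}
"""

# Lookbehinds skip struct members (the "fs" in "ls->fs") and partial names.
DEREF = re.compile(r"(?<![>.\w])([A-Za-z_]\w*)\s*->")
ASSIGN = re.compile(r"(?<![>.\w])([A-Za-z_]\w*)\s*=(?!=)")
TEST = re.compile(r"\bif\s*\(\s*!?\s*([A-Za-z_]\w*)\s*(?:[!=]=\s*NULL\s*)?\)")
COMMENT = re.compile(r"/\*.*?\*/")


def null_tests_after_deref(source):
    """Return (name, deref_line, test_line) for each pointer that is tested
    against NULL after being dereferenced earlier, with no reassignment of
    the pointer in between. Heuristic: expects one function body at a time."""
    derefed = {}   # pointer name -> line of its first dereference
    findings = []
    for lineno, raw in enumerate(source.splitlines(), start=1):
        line = COMMENT.sub("", raw)
        for name in TEST.findall(line):      # tests see the state so far
            if name in derefed:
                findings.append((name, derefed[name], lineno))
        for name in DEREF.findall(line):
            derefed.setdefault(name, lineno)
        for name in ASSIGN.findall(line):
            derefed.pop(name, None)          # value may have changed
    return findings


if __name__ == "__main__":
    for name, d, t in null_tests_after_deref(SNIPPET):
        print(f"{name}: dereferenced on line {d}, NULL-tested on line {t}")
```

The assignment on line 8 of the snippet writes the struct member ls->fs, not the local fs, so it does not reset the tracking for fs.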

