Nmap Development mailing list archives

Re: possible bug in liblua/lparser.c


From: Patrick Donnelly <batrick () batbytes com>
Date: Fri, 3 Dec 2010 14:36:05 -0500

On Fri, Dec 3, 2010 at 3:35 AM, Vita Cizek <vcizek () suse cz> wrote:
> Hi,
> This appears in both 5.21 and devel versions.
> In liblua/lparser.c, close_func():
>
> The fs pointer points to valid memory, it is dereferenced in
> a few places, thus can't be NULL at the test point, I guess.
>
> static void close_func (LexState *ls) {
>  lua_State *L = ls->L;
>  FuncState *fs = ls->fs;
>  Proto *f = fs->f;        <-- first dereferenced here
>
> ...
>
>  ls->fs = fs->prev;
>  L->top -= 2;  /* remove table and prototype from the stack */
>  /* last token read was anchored in defunct function; must reanchor it */
>  if (fs) anchor_token(ls);       <-- this NULL test
> }

This was recently brought up on the Lua mailing list. It is not a bug
and will be removed in a future version of Lua.

-- 
- Patrick Donnelly
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
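
The pattern reported in this thread, a pointer dereferenced with `->` and only afterwards tested against NULL, can be found mechanically. The following is an added example, not part of the original messages and not Lua or Nmap code: a line-based heuristic in Python run over the quoted excerpt. The function name and regexes are illustrative assumptions, and it only understands `->` dereferences and simple `if (p)` style tests.

```python
import re

# Constructed input: the close_func() excerpt quoted in the message, with the
# elided middle omitted and the "<--" arrows dropped so it is plain C.
SAMPLE = """\
static void close_func (LexState *ls) {
  lua_State *L = ls->L;
  FuncState *fs = ls->fs;
  Proto *f = fs->f;
  ls->fs = fs->prev;
  L->top -= 2;  /* remove table and prototype from the stack */
  if (fs) anchor_token(ls);
}
"""

COMMENT = re.compile(r"/\*.*?\*/")
# A bare variable (not a struct member) followed by "->" or by a plain "=".
DEREF = re.compile(r"(?<![>.\w])(\w+)\s*->")
ASSIGN = re.compile(r"(?<![>.\w])(\w+)\s*=(?!=)")
# if (p), if (!p), if (p != NULL), if (p == NULL)
NULL_TEST = re.compile(r"\bif\s*\(\s*!?\s*(\w+)\s*(?:[!=]=\s*NULL\s*)?\)")

def find_deref_before_null_test(source):
    """Return (name, deref_line, test_line) for every pointer that is
    dereferenced and later NULL-tested without being reassigned between."""
    first_deref = {}   # pointer name -> line of its first unguarded "->"
    guarded = set()    # names that were tested before any dereference
    findings = []
    for lineno, raw in enumerate(source.splitlines(), 1):
        line = COMMENT.sub("", raw)
        for name in NULL_TEST.findall(line):
            if name in first_deref:
                findings.append((name, first_deref[name], lineno))
            else:
                guarded.add(name)
        for name in DEREF.findall(line):
            if name not in guarded:
                first_deref.setdefault(name, lineno)
        for name in ASSIGN.findall(line):   # new value: forget old state
            first_deref.pop(name, None)
            guarded.discard(name)
    return findings

if __name__ == "__main__":
    for name, deref, test in find_deref_before_null_test(SAMPLE):
        print(f"{name}: dereferenced on line {deref}, NULL-tested on line {test}")
```

Line numbers in the result are relative to the constructed `SAMPLE`, not to liblua/lparser.c.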
