nik/lush
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Randomness added to table length computation

Browse Source 
A bad actor could fill only a few entries in a table (power of twos in
decreasing order, see tests) and produce a small table with a huge
length. If your program builds a table with external data and iterates
over its length, this behavior could be an issue.
This commit is contained in:
Roberto Ierusalimschy
2025-07-18 16:18:30 -03:00
parent ccb8b307f1
commit 303f415559
6 changed files with 48 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lapi.c
View File

@@ -440,7 +440,7 @@ LUA_API lua_Unsigned lua_rawlen (lua_State *L, int idx) {
case LUA_VSHRSTR: return cast(lua_Unsigned, tsvalue(o)->shrlen);
case LUA_VLNGSTR: return cast(lua_Unsigned, tsvalue(o)->u.lnglen);
case LUA_VUSERDATA: return cast(lua_Unsigned, uvalue(o)->len);
case LUA_VTABLE: return luaH_getn(hvalue(o));
case LUA_VTABLE: return luaH_getn(L, hvalue(o));
default: return 0;
}
}