Recently, a few users of my CodeFlow IDE, embedding Lua 5.2.4, got many application crashes. After investigating the problem, I found that the root cause was in the Lua parser: under some conditions, the Lua parser could GC a long string corresponding to a name or string token, while this token was still being processed, which could have nasty consequences and lead to the crash of the application embedding Lua.
I'm perfectly aware that the 5.2 branch is not maintained anymore, but there are still people using it, and they might bump into the same issue, and I hope that this post might help them.
So back to the bug: making the parser crash can be as easy as writing:
function f () end
someVeryLongIdentiferConvertedByLuaAsALongString = 0
What happens here is that the token string created after the function 'end' is not correctly anchored to the calling funcstate if it is a long string, so if the GC triggers, it can be freed and overwritten by something else…
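An added stress harness (not from the original post, and not part of Lua itself) for embedders who want a regression check against this bug: it compiles many chunks of the shape shown above with the collector tuned to run as often as possible, which makes a GC cycle during lexing of the long name more likely. The identifier prefix, name length and iteration count are assumptions; it may need several runs, and a build with the bug fixed will simply report zero failures.

```lua
-- Stress harness for the "long name token freed during parsing" bug in
-- Lua 5.2.4. Constructed example; all sizes and counts are assumptions.

local function long_name(n)
  -- Lua 5.2 stores identifiers longer than LUAI_MAXSHORTLEN (40 bytes)
  -- as long strings, which is the case the post describes.
  return "id_" .. string.rep("x", n)
end

local function stress(iterations, name_len)
  -- Make the collector as aggressive as the public API allows: a pause of
  -- 0 starts a new cycle as soon as the previous one finishes, and a large
  -- step multiplier makes each step do more work.
  collectgarbage("setpause", 0)
  collectgarbage("setstepmul", 1000)

  local failures = 0
  for i = 1, iterations do
    -- Same shape as the two-line reproduction: a function ending in 'end',
    -- followed by a long identifier as the first token of the next statement.
    local src = "function f () end\n"
              .. long_name(name_len + (i % 64)) .. " = 0\n"
    local chunk, err = load(src, "=stress")
    if not chunk then
      failures = failures + 1
      io.stderr:write("compile error: ", tostring(err), "\n")
    end
    -- Allocate and drop some garbage between compiles so the collector
    -- always has pending work when the next chunk is lexed.
    local junk = {}
    for j = 1, 100 do junk[j] = string.rep("y", j) end
  end

  -- Restore the default collector parameters (Lua 5.2 defaults are 200/200).
  collectgarbage("setpause", 200)
  collectgarbage("setstepmul", 200)
  return failures
end

print("compile failures:", stress(20000, 48))
```

Run it under a memory checker (e.g. Valgrind or an ASan build of the host) when possible: a use-after-free in the parser does not always surface as a visible crash or a compile error.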