bug report for Lua 5.2.4: signed integer overflow


Josh Haberman
At Google we discovered a signed integer overflow bug in Lua 5.2.4. This was discovered with "clang -fsanitize=signed-integer-overflow".

A fix for the bug is:

==== /src/llimits.h ====
--- src/llimits.h 2017-04-13 11:11:17.000000000 -0700
+++ src/llimits.h 2017-06-12 09:35:15.000000000 -0700
@@ -229,9 +229,13 @@
     volatile union luai_Cast u; u.l_d = (n) + 6755399441055744.0; \
     (i) = (t)u.l_p[LUA_IEEEENDIANLOC]; }
 
-#define luai_hashnum(i,n)  \
-  { volatile union luai_Cast u; u.l_d = (n) + 1.0;  /* avoid -0 */ \
-    (i) = u.l_p[0]; (i) += u.l_p[1]; }  /* add double bits for his hash */
+#define luai_hashnum(i, n)            \
+  {                                   \
+    volatile union luai_Cast u;       \
+    u.l_d = (n) + 1.0; /* avoid -0 */ \
+    (i) = u.l_p[0];                   \
+    (i) += (lu_int32)(u.l_p[1]);      \
+  } /* add double bits for his hash */
 
 #define lua_number2int(i,n) lua_number2int32(i, n, int)
 #define lua_number2unsigned(i,n) lua_number2int32(i, n, lua_Unsigned)
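
Review bot: the only functional change here is the `(lu_int32)` cast in `(i) += (lu_int32)(u.l_p[1]);`, but it is mixed with a whitespace reformat of the whole macro (the spacing in `luai_hashnum(i, n)`, one statement per line, realigned backslashes), so the fix is hard to see and the patch will not apply cleanly beside other edits to this file. Please keep the original three-line layout and change only the `(i) += u.l_p[1];` statement. The cast avoids the signed addition only if `lu_int32` is an unsigned type, and the sum is then converted back to whatever type `(i)` has; neither the typedef nor the caller's variable is visible in this hunk, so a short comment stating that the add is intentionally done in unsigned arithmetic would make the intent checkable. The `/* add double bits for his hash */` comment also now trails the closing brace instead of the add it describes.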

Re: bug report for Lua 5.2.4: signed integer overflow

Jonathan Goble
On Wed, Jun 14, 2017 at 5:50 PM Josh Haberman <[hidden email]> wrote:
> At Google we discovered a signed integer overflow bug in Lua 5.2.4. This was discovered with "clang -fsanitize=signed-integer-overflow".
 
Roberto or Luiz can correct me if I'm wrong, but I believe Lua 5.2 is no longer supported. Additionally, according to the symbol index [1], the luai_hashnum macro does not exist in Lua 5.3.

[1] https://www.lua.org/source/5.3/idx.html

Re: bug report for Lua 5.2.4: signed integer overflow

Jay Carlson
On Jun 14, 2017, at 6:55 PM, Jonathan Goble <[hidden email]> wrote:

> Roberto or Luiz can correct me if I'm wrong, but I believe Lua 5.2 is no longer supported.

There’s obviously *somebody* supporting Lua 5.2. :-)

Jay



Re: bug report for Lua 5.2.4: signed integer overflow

Roberto Ierusalimschy
In reply to this post by Jonathan Goble
> On Wed, Jun 14, 2017 at 5:50 PM Josh Haberman <[hidden email]> wrote:
>
> > At Google we discovered a signed integer overflow bug in Lua 5.2.4. This
> > was discovered with "clang -fsanitize=signed-integer-overflow".
> >
>
> Roberto or Luiz can correct me if I'm wrong, but I believe Lua 5.2 is no
> longer supported. Additionally, according to the symbol index [1], the
> luai_hashnum macro does not exist in Lua 5.3.

Indeed, we do not intend to do new releases for Lua 5.2 (especially for
a bug that is mostly theoretical), but thanks for the report all the same.

-- Roberto