BUG/MINOR: hlua: fix unsafe lua_tostring() usage with empty stack
Lua documentation says that lua_tostring() returns a pointer that remains
valid as long as the object is not removed from the stack.
However there are some places were we use the returned string AFTER the
corresponding object is removed from the stack. In practise this doesn't
seem to cause visible bugs (probably because the pointer remains valid
waiting for a GC cycle), but let's fix that to comply with the
documentation and avoid undefined behavior.
It should be backported in all stable versions.
(cherry picked from commit 5508db9a20d995804edccd48144292ab1b8d8b08)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit f4dc0816327b446ad4af63d458c9f9bfdbf9fc53)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit 93361a59ff27132c1a151ab5480713e74be4fb42)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit bb913d77b4678691460009bd3a040cb677b6d0bf)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit 72d755a063261ccb02b5cbf2f2ad5b5e23b9cd4a)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
diff --git a/src/hlua.c b/src/hlua.c
index 40e337e..528344b 100644
--- a/src/hlua.c
+++ b/src/hlua.c
@@ -1442,12 +1442,15 @@
break;
}
msg = lua_tostring(lua->T, -1);
- lua_settop(lua->T, 0); /* Empty the stack. */
trace = hlua_traceback(lua->T, ", ");
if (msg)
lua_pushfstring(lua->T, "[state-id %d] runtime error: %s from %s", lua->state_id, msg, trace);
else
lua_pushfstring(lua->T, "[state-id %d] unknown runtime error from %s", lua->state_id, trace);
+
+ /* Move the error msg at the top and then empty the stack except last msg */
+ lua_insert(lua->T, -lua_gettop(lua->T));
+ lua_settop(lua->T, 1);
ret = HLUA_E_ERRMSG;
break;
@@ -1464,11 +1467,14 @@
break;
}
msg = lua_tostring(lua->T, -1);
- lua_settop(lua->T, 0); /* Empty the stack. */
if (msg)
lua_pushfstring(lua->T, "[state-id %d] message handler error: %s", lua->state_id, msg);
else
lua_pushfstring(lua->T, "[state-id %d] message handler error", lua->state_id);
+
+ /* Move the error msg at the top and then empty the stack except last msg */
+ lua_insert(lua->T, -lua_gettop(lua->T));
+ lua_settop(lua->T, 1);
ret = HLUA_E_ERRMSG;
break;
@@ -8683,12 +8689,13 @@
if (!kind)
kind = "runtime error";
msg = lua_tostring(L, -1);
- lua_settop(L, 0); /* Empty the stack. */
trace = hlua_traceback(L, ", ");
if (msg)
ha_alert("Lua init: %s: '%s' from %s\n", kind, msg, trace);
else
ha_alert("Lua init: unknown %s from %s\n", kind, trace);
+
+ lua_settop(L, 0); /* Empty the stack. */
return_status = 0;
break;