AP_Scripting: patch vendored Lua to 5.3.6 #29116
Open
+103
−51
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
In particular this fixes some exceedingly rare/impossible use-after-frees. Add the new docs from the distribution. To maintain our alterations, the following patches have been applied to the source from upstream's repository (1221e987...75ea9ccb) to bring the source up to date: * Bug: Long brackets with a huge number of '=' causes overflow A long bracket with too many equal signs can overflow the 'int' used for the counting and some arithmetic done on the value. Changing the counter to 'size_t' avoids that. (Because what is counted goes to a buffer, an overflow in the counter will first raise a buffer-overflow error.) * Fixed bug in 'lua_upvaluejoin' Bug-fix: joining an upvalue with itself could cause a use-after-free crash. * Fixed typos in comments * Fixed missing GC barriers in compiler and undump While building a new prototype, the GC needs barriers for every object (strings and nested prototypes) that is attached to the new prototype. * Updated release number and copyright year * Fixed bug: invalid mode can crash 'io.popen' * Fixed bug: Negation overflow in getlocal/setlocal * 'realloc' can fail when shrinking a block According to ISO C, 'realloc' can fail when shrinking a block. If that happens, 'l_alloc' simply ignores the fail and returns the original block. * Fixed bug of long strings in binary chunks When "undumping" a long string, the function 'LoadVector' can call the reader function, which can run the garbage collector, which can collect the string being read. So, the string must be anchored during the call to 'LoadVector'.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
In particular this fixes some exceedingly rare/impossible use-after-frees. The serious ones aren't actually accessible in our scripting engine.
To maintain our alterations, I applied source patches generated from the source repository manually instead of simply overwriting the code. Please see the commit message for full details.
Tested by flying scripting aerobatics on SITL on HW on Cube Orange.
The size overhead is negligible: