[vlc-devel] [vlc-commits] commit: lua/net.c: revert [14707cbaca9fa] and fix properly ( Rafaël Carré )

Rémi Denis-Courmont remi at remlab.net
Mon May 10 21:28:43 CEST 2010


On Monday 10 May 2010 22:00:10 Rafaël Carré, you wrote:
> On Mon, 10 May 2010 19:24:26 +0300
> 
> "Rémi Denis-Courmont" <remi at remlab.net> wrote:
> > On Monday 10 May 2010 18:05:41 git at videolan.org, you wrote:
> > > vlc | branch: master | Rafaël Carré <rafael.carre at gmail.com> | Mon
> > > May 10 17:04:05 2010 +0200|
> > > [087442fc1e36298dfbef018401b39d72249a17a9] | committer: Rafaël Carré
> > > 
> > > lua/net.c: revert [14707cbaca9fa] and fix properly
> > > 
> > > Always return 1 argument, but avoid pushing 0xffffffff bytes on the
> > > stack Also fix vlclua_fd_read()
> 
> Hi,
> 
> > It can still crash. As an example, VLC threads have a 512kb stack on
> > 32-bits Linux. Not 2 gigabytes.
> 
> It's the lua own stack : http://pgl.yoyo.org/luai/i/lua_pushlstring
> 
> Not the process stack so it won't crash.

Oh really?

| static int vlclua_net_recv( lua_State *L )
| {
|     int i_fd = luaL_checkint( L, 1 );
|     size_t i_len = luaL_optint( L, 2, 1 );
|     char psz_buffer[i_len];
                     ^^^^^^^
Then you can surely explain what this is?

|     ssize_t i_ret = recv( i_fd, psz_buffer, i_len, 0 );
|     lua_pushlstring( L, psz_buffer, (i_ret >= 0) ? i_ret : 0 );
|     return 1;
| }

> If it still does I don't know what's wrong, only look this far:
> - lua_push*string() does allocation
> - 'pushing 0xffffffff bytes on the stack' referred to vlclua_fd_read(),
>   not the code I reverted. I just wanted to use the same code in both
>   functions, but I guess return 0 without pushlstring would work too.

vlclua_fd_read() still has the exact same unbounded stack allocation.

-- 
Rémi Denis-Courmont
http://www.remlab.net/
http://fi.linkedin.com/in/remidenis
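
The following is an added example, not part of the message above and not VLC code. It shows one way to remove the script-controlled variable-length array discussed in the thread: reject negative lengths, clamp the request to a fixed cap, and read into a heap buffer. `bounded_recv()`, `RECV_MAX` and `demo()` are hypothetical names; a Lua binding would pass the returned buffer and count to `lua_pushlstring()` and then free the buffer.

```c
/* Added example: not VLC code. bounded_recv(), RECV_MAX and demo() are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

#define RECV_MAX 65536L /* assumed upper bound for one read */

/* Receive at most `want` bytes (as passed by a script) into a heap buffer.
 * Returns the byte count and stores the buffer in *out (caller frees),
 * or returns -1 with *out == NULL on a bad length or a recv() error. */
ssize_t bounded_recv(int fd, long want, char **out)
{
    *out = NULL;
    if (want < 0)               /* would wrap to a huge size_t */
        return -1;
    size_t len = (size_t)(want > RECV_MAX ? RECV_MAX : want);
    char *buf = malloc(len ? len : 1);
    if (buf == NULL)
        return -1;
    ssize_t ret = recv(fd, buf, len, 0);
    if (ret < 0) {
        free(buf);
        return -1;
    }
    *out = buf;
    return ret;
}

/* Constructed test: send "hello" over a socketpair, ask for `want` bytes. */
long demo(long want)
{
    int sv[2];
    char *data;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return -2;
    if (write(sv[0], "hello", 5) != 5) { close(sv[0]); close(sv[1]); return -2; }
    long got = (long)bounded_recv(sv[1], want, &data);
    free(data);
    close(sv[0]);
    close(sv[1]);
    return got;
}

int main(void)
{
    printf("%ld %ld %ld\n", demo(3), demo(-1), demo(0x7fffffffL));
    return 0;
}
```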


