On 05/01/2016 21:12, Dirk Laurie wrote:
> 2016-01-05 19:18 GMT+02:00 Lorenzo Donati <lorenzodonatibz@tiscali.it>:
>> On 01/01/2016 15:30, Roberto Ierusalimschy wrote:
>>> ```
>>> local mt = {}
>>> mt.__newindex = mt
>>> local t = setmetatable({}, mt)
>>> t[1] = 1
>>> ```
>>>
>>> The bug is quite subtle. Follows a fix:
>>
>> Although it is subtle, it seems easy to trigger in Lua code.
>
> Do you have an example that does not involve making __newindex be the metatable itself?

No. Should I? I said "it seems", so I was asking for clarification.
For "easy" I meant that triggering the crash doesn't need complicated instruction sequences or weird values fed to some esoteric function, but just operations a mildly experienced Lua programmer may legitimately try out.
Using the metatable as target for newindex? Well, I cannot say if it is a widespread technique in some weird OO framework, or what it could be useful for (too tired now), but it doesn't seem so weird that someone honestly couldn't find a legitimate use for it.
I stand to be corrected, though; constant use of Lua made me reconsider a lot of my OO habits of my Java/C++ past, so I use a more basic OO approach now and tend to shun heavy OO contraptions. Therefore I'm a bit "rusted" on what are "legitimate/useful" metatable tricks.
OTOH, please, keep in mind that we are not talking about a simple misbehavior of the Lua engine, but a straightaway crash, so a real showstopper and a potential security risk.
Having the latest Lua source with such a bug in it is not something particularly good, IMHO. At least from a "marketing" POV.
This is especially true for new users, with little experience with C and unable to apply the patch suggested by Roberto. And this is more important because the standard distro is source only, so a newbie cannot simply download a patched binary and be happy with it.
My 2eurocent, anyway.
Cheers!
-- Lorenzo