1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
|
diff --git a/deps/lua/src/lbaselib.c b/deps/lua/src/lbaselib.c
index 2ab550bd48d..26172d15b40 100644
--- deps/lua/src/lbaselib.c
+++ deps/lua/src/lbaselib.c
@@ -340,13 +340,14 @@ static int luaB_assert (lua_State *L) {
static int luaB_unpack (lua_State *L) {
- int i, e, n;
+ int i, e;
+ unsigned int n;
luaL_checktype(L, 1, LUA_TTABLE);
i = luaL_optint(L, 2, 1);
e = luaL_opt(L, luaL_checkint, 3, luaL_getn(L, 1));
if (i > e) return 0; /* empty range */
- n = e - i + 1; /* number of elements */
- if (n <= 0 || !lua_checkstack(L, n)) /* n <= 0 means arith. overflow */
+ n = (unsigned int)e - (unsigned int)i; /* number of elements minus 1 */
+ if (n >= INT_MAX || !lua_checkstack(L, ++n))
return luaL_error(L, "too many results to unpack");
lua_rawgeti(L, 1, i); /* push arg[i] (avoiding overflow problems) */
while (i++ < e) /* push arg[i + 1...e] */
diff --git a/deps/lua/src/ltable.c b/deps/lua/src/ltable.c
index f75fe19fe39..55575a8ace9 100644
--- deps/lua/src/ltable.c
+++ deps/lua/src/ltable.c
@@ -434,8 +434,7 @@ static TValue *newkey (lua_State *L, Table *t, const TValue *key) {
** search function for integers
*/
const TValue *luaH_getnum (Table *t, int key) {
- /* (1 <= key && key <= t->sizearray) */
- if (cast(unsigned int, key-1) < cast(unsigned int, t->sizearray))
+ if (1 <= key && key <= t->sizearray)
return &t->array[key-1];
else {
lua_Number nk = cast_num(key);
diff --git a/tests/unit/scripting.tcl b/tests/unit/scripting.tcl
index 333cc2692de..d45c63ceec3 100644
--- tests/unit/scripting.tcl
+++ tests/unit/scripting.tcl
@@ -315,6 +315,45 @@ start_server {tags {"scripting"}} {
set e
} {*against a key*}
+ test {EVAL - Test table unpack with invalid indexes} {
+ catch {run_script { return {unpack({1,2,3}, -2, 2147483647)} } 0} e
+ assert_match {*too many results to unpack*} $e
+ catch {run_script { return {unpack({1,2,3}, 0, 2147483647)} } 0} e
+ assert_match {*too many results to unpack*} $e
+ catch {run_script { return {unpack({1,2,3}, -2147483648, -2)} } 0} e
+ assert_match {*too many results to unpack*} $e
+ set res [run_script { return {unpack({1,2,3}, -1, -2)} } 0]
+ assert_match {} $res
+ set res [run_script { return {unpack({1,2,3}, 1, -1)} } 0]
+ assert_match {} $res
+
+ # unpack with range -1 to 5, verify nil indexes
+ set res [run_script {
+ local function unpack_to_list(t, i, j)
+ local n, v = select('#', unpack(t, i, j)), {unpack(t, i, j)}
+ for i = 1, n do v[i] = v[i] or '_NIL_' end
+ v.n = n
+ return v
+ end
+
+ return unpack_to_list({1,2,3}, -1, 5)
+ } 0]
+ assert_match {_NIL_ _NIL_ 1 2 3 _NIL_ _NIL_} $res
+
+ # unpack with negative range, verify nil indexes
+ set res [run_script {
+ local function unpack_to_list(t, i, j)
+ local n, v = select('#', unpack(t, i, j)), {unpack(t, i, j)}
+ for i = 1, n do v[i] = v[i] or '_NIL_' end
+ v.n = n
+ return v
+ end
+
+ return unpack_to_list({1,2,3}, -2147483648, -2147483646)
+ } 0]
+ assert_match {_NIL_ _NIL_ _NIL_} $res
+ } {}
+
test {EVAL - JSON numeric decoding} {
# We must return the table as a string because otherwise
# Redis converts floats to ints and we get 0 and 1023 instead
|
