From: PatR <rankin@nethack.org>
Date: Fri, 24 Jan 2020 20:52:35 +0000 (-0800)
Subject: Lua error reporting buffer overflow
X-Git-Tag: NetHack-3.7.0_WIP~32
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=b2fa6292dbb9b6f7f693d07649264656b9354d97;p=nethack

Lua error reporting buffer overflow

nhl_error() was clobbering the stack.  I assume that the 'source'
field in the Lua debugging structure is normally a file name, but
nethack loads an entire Lua script into one long string because it
usually comes out of the DLB container, and 'source' contained the
full string.  That would overflow the local buffer in nhl_error()
if nethack encountered a Lua problem and tried to report it. (In
my case, the problem was in a level description file modification.)

[Not something under user control unless user can modify dat/*.lua
and put the result into $HACKDIR/nhdat.]
---

diff --git a/doc/fixes37.0 b/doc/fixes37.0
index cdbe956cd..539ce7f9a 100644
--- a/doc/fixes37.0
+++ b/doc/fixes37.0
@@ -1,4 +1,4 @@
-$NHDT-Branch: NetHack-3.7 $:$NHDT-Revision: 1.71 $ $NHDT-Date: 1579655025 2020/01/22 01:03:45 $
+$NHDT-Branch: NetHack-3.7 $:$NHDT-Revision: 1.72 $ $NHDT-Date: 1579899144 2020/01/24 20:52:24 $
 
 General Fixes and Modified Features
 -----------------------------------
@@ -74,6 +74,7 @@ if running and Blind or Stunned or Fumbling or Dex < 10, encountering a closed
 data.base lookup of an entry with any blank lines would falsely claim that
 	"'data' file in wrong fromat or corrupted" after some extra checks
 	were added while investigating tab handling anomalies
+using nhl_error() to report a Lua processing problem would clobber the stack
 
 
 Platform- and/or Interface-Specific Fixes
diff --git a/src/nhlua.c b/src/nhlua.c
index f215ea01c..170e3c3ed 100644
--- a/src/nhlua.c
+++ b/src/nhlua.c
@@ -1,4 +1,4 @@
-/* NetHack 3.7	nhlua.c	$NHDT-Date: 1575246766 2019/12/02 00:32:46 $  $NHDT-Branch: NetHack-3.7 $:$NHDT-Revision: 1.16 $ */
+/* NetHack 3.7	nhlua.c	$NHDT-Date: 1579899144 2020/01/24 20:52:24 $  $NHDT-Branch: NetHack-3.7 $:$NHDT-Revision: 1.28 $ */
 /*      Copyright (c) 2018 by Pasi Kallinen */
 /* NetHack may be freely redistributed.  See license for details. */
 
@@ -44,8 +44,16 @@ const char *msg;
 
     lua_getstack(L, 1, &ar);
     lua_getinfo(L, "lS", &ar);
-    Sprintf(buf, "%s (line %i%s)", msg, ar.currentline, ar.source);
+    Sprintf(buf, "%s (line %d ", msg, ar.currentline);
+    Sprintf(eos(buf), "%.*s)",
+            /* (max length of ar.short_src is actually LUA_IDSIZE
+               so this is overkill for it, but crucial for ar.source) */
+            (int) (sizeof buf - (strlen(buf) + sizeof ")")),
+            ar.short_src); /* (used to be 'ar.source' here) */
     lua_pushstring(L, buf);
+#if 0 /* defined(PANICTRACE) && !defined(NO_SIGNALS) */
+    panictrace_setsignals(FALSE);
+#endif
     (void) lua_error(L);
     /*NOTREACHED*/
 }