From: PatR Date: Fri, 24 Jan 2020 20:52:35 +0000 (-0800) Subject: Lua error reporting buffer overflow X-Git-Tag: NetHack-3.7.0_WIP~32 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=b2fa6292dbb9b6f7f693d07649264656b9354d97;p=nethack Lua error reporting buffer overflow nhl_error() was clobbering the stack. I assume that the 'source' field in the Lua debugging structure is normally a file name, but nethack loads an entire Lua script into one long string because it usually comes out of the DLB container, and 'source' contained the full string. That would overflow the local buffer in nhl_error() if nethack encountered a Lua problem and tried to report it. (In my case, the problem was in a level description file modification.) [Not something under user control unless user can modify dat/*.lua and put the result into $HACKDIR/nhdat.] --- diff --git a/doc/fixes37.0 b/doc/fixes37.0 index cdbe956cd..539ce7f9a 100644 --- a/doc/fixes37.0 +++ b/doc/fixes37.0 @@ -1,4 +1,4 @@ -$NHDT-Branch: NetHack-3.7 $:$NHDT-Revision: 1.71 $ $NHDT-Date: 1579655025 2020/01/22 01:03:45 $ +$NHDT-Branch: NetHack-3.7 $:$NHDT-Revision: 1.72 $ $NHDT-Date: 1579899144 2020/01/24 20:52:24 $ General Fixes and Modified Features ----------------------------------- @@ -74,6 +74,7 @@ if running and Blind or Stunned or Fumbling or Dex < 10, encountering a closed data.base lookup of an entry with any blank lines would falsely claim that "'data' file in wrong fromat or corrupted" after some extra checks were added while investigating tab handling anomalies +using nhl_error() to report a Lua processing problem would clobber the stack Platform- and/or Interface-Specific Fixes diff --git a/src/nhlua.c b/src/nhlua.c index f215ea01c..170e3c3ed 100644 --- a/src/nhlua.c +++ b/src/nhlua.c 
@@ -1,4 +1,4 @@ -/* NetHack 3.7 nhlua.c $NHDT-Date: 1575246766 2019/12/02 00:32:46 $ $NHDT-Branch: NetHack-3.7 $:$NHDT-Revision: 1.16 $ */ +/* NetHack 3.7 nhlua.c $NHDT-Date: 1579899144 2020/01/24 20:52:24 $ $NHDT-Branch: NetHack-3.7 $:$NHDT-Revision: 1.28 $ */ /* Copyright (c) 2018 by Pasi Kallinen */ /* NetHack may be freely redistributed. See license for details. */ @@ -44,8 +44,16 @@ const char *msg; lua_getstack(L, 1, &ar); lua_getinfo(L, "lS", &ar); - Sprintf(buf, "%s (line %i%s)", msg, ar.currentline, ar.source); + Sprintf(buf, "%s (line %d ", msg, ar.currentline); + Sprintf(eos(buf), "%.*s)", + /* (max length of ar.short_src is actually LUA_IDSIZE + so this is overkill for it, but crucial for ar.source) */ + (int) (sizeof buf - (strlen(buf) + sizeof ")")), + ar.short_src); /* (used to be 'ar.source' here) */ lua_pushstring(L, buf); +#if 0 /* defined(PANICTRACE) && !defined(NO_SIGNALS) */ + panictrace_setsignals(FALSE); +#endif (void) lua_error(L); /*NOTREACHED*/ }
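Review bot: in the nhl_error() hunk the first Sprintf still writes msg into buf with no bound, so only the ar.short_src half of the message is actually limited; if msg can ever approach sizeof buf, then strlen(buf) + sizeof ")" exceeds sizeof buf, the size_t subtraction wraps, the (int) cast yields a negative precision, and "%.*s" then copies short_src without any limit (a negative precision is treated as if omitted). Suggest bounding msg the same way (a precision on the first "%s", or Snprintf for the first write) and guarding the precision computation with an explicit check that strlen(buf) + sizeof ")" <= sizeof buf before subtracting. Separately, the added `#if 0 /* defined(PANICTRACE) && !defined(NO_SIGNALS) */` / `panictrace_setsignals(FALSE);` / `#endif` block is dead code with no explanation of why the signal reset is disabled; either drop it or add a comment stating the reason it is parked there.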
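The commit explains that `ar.source` held the whole script text when the Lua chunk was loaded from a string rather than a file, and that the one-shot Sprintf into a fixed local buffer therefore overran the stack. The following is an added example written for this page, not NetHack's nhl_error(): it measures what the old single-format call would have written for a script-sized source string, then applies the two-step bounded format the fix uses, while also bounding msg and checking the remaining room before the subtraction so the precision can never wrap. The names format_lua_error(), old_format_required_len(), ERRBUFSZ and the constructed script text are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define ERRBUFSZ 256 /* assumed size of the local buffer; NetHack's is BUFSZ */

/* How many bytes the pre-fix format "%s (line %i%s)" would have written for
 * this input.  snprintf with a NULL buffer only measures, so this is safe to
 * call with a script-sized src; the result is what would have hit the stack. */
static size_t old_format_required_len(const char *msg, int line, const char *src)
{
    int n = snprintf(NULL, 0, "%s (line %d%s)", msg, line, src);
    return n < 0 ? 0 : (size_t) n;
}

/* Bounded version of the two-step format used by the fix.  Returns the number
 * of characters stored, always < bufsz; buf is NUL-terminated when bufsz > 0.
 * Unlike the hunk, msg is bounded too, and the remaining room is checked
 * before the subtraction so it cannot wrap into a negative precision. */
static size_t format_lua_error(char *buf, size_t bufsz, const char *msg,
                               int line, const char *src)
{
    size_t len;
    int n;

    if (bufsz == 0)
        return 0;

    n = snprintf(buf, bufsz, "%s (line %d ", msg, line);
    if (n < 0) {
        buf[0] = '\0';
        return 0;
    }
    len = (size_t) n;
    if (len >= bufsz)          /* msg alone filled the buffer: it was truncated */
        len = bufsz - 1;

    /* Reserve sizeof ")" == 2 bytes: the closing paren plus the NUL. */
    if (len + sizeof ")" <= bufsz) {
        int room = (int) (bufsz - (len + sizeof ")")); /* chars of src that fit */
        n = snprintf(buf + len, bufsz - len, "%.*s)", room, src);
        if (n > 0)
            len += (size_t) n;
        if (len >= bufsz)
            len = bufsz - 1;
    }
    return len;
}

/* Constructed stand-in for a whole level-description script: this is the kind
 * of text that ends up in ar.source when the chunk is loaded from a string. */
static void make_long_source(char *dst, size_t n)
{
    static const char chunk[] = "des.map([[\n-----\n|...|\n-----\n]])\n";
    size_t i = 0;

    while (i + 1 < n) {
        size_t k = strlen(chunk);
        if (k > n - 1 - i)
            k = n - 1 - i;
        memcpy(dst + i, chunk, k);
        i += k;
    }
    dst[i] = '\0';
}

/* The scenario from the commit: a ~2000-byte source against a 256-byte buffer. */
static int demo_long_source(void)
{
    char src[2000], buf[ERRBUFSZ];
    const char *msg = "attempt to call a nil value";
    size_t need, got;

    make_long_source(src, sizeof src);
    need = old_format_required_len(msg, 17, src);
    got = format_lua_error(buf, sizeof buf, msg, 17, src);
    printf("old format needs %zu bytes, buffer holds %d\n", need, ERRBUFSZ);
    printf("bounded: %zu chars, ends with '%c'\n", got, buf[got - 1]);
    return need > ERRBUFSZ && got == ERRBUFSZ - 1 && buf[got - 1] == ')'
           && strncmp(buf, "attempt to call a nil value (line 17 ", 37) == 0;
}

/* Short input: nothing is truncated and the format is reproduced exactly. */
static int check_exact_fit(void)
{
    char buf[64];
    size_t n = format_lua_error(buf, sizeof buf, "oops", 3, "=[string]");
    return n == 23 && strcmp(buf, "oops (line 3 =[string])") == 0;
}

/* Oversized msg: the first step alone fills the buffer; no wrap, no overrun. */
static int check_long_msg(void)
{
    char msg[300], buf[ERRBUFSZ];
    size_t n;

    memset(msg, 'A', sizeof msg - 1);
    msg[sizeof msg - 1] = '\0';
    n = format_lua_error(buf, sizeof buf, msg, 1, "x");
    return n == ERRBUFSZ - 1 && strlen(buf) == ERRBUFSZ - 1 && buf[n - 1] == 'A';
}

int main(void)
{
    return (demo_long_source() && check_exact_fit() && check_long_msg()) ? 0 : 1;
}
```

The sizeof ")" reservation is the same trick as in the patch: the string literal is two bytes, one for the paren and one for the terminator, so the precision handed to "%.*s" is exactly the number of source characters that still fit. The extra `len + sizeof ")" <= bufsz` guard is what keeps that arithmetic from wrapping when the first step has already consumed the whole buffer.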