AP_Scripting: patch vendored Lua to 5.3.6 #29116
Conversation
|
This is missing a patch to Apart from that this is a exact copy of the 4.5 to 4.6 diff. No idea if everything work but I guess we have to trust the lua maintainers to know what there doing. |
|
Thanks for the investigation. I didn't catch that makefile; I did the diff based on the Git repo instead of the archives. But I don't think anybody uses our tree to build for freebsd so I'm going to keep it how it is. For reference, the changes in |
As far as I can tell the git repo is not a official release, only irregularly mirrored. I used source from: https://www.lua.org/ftp/. I'm sure no one will use the freebsd case, the key thing is to get the diff right so we don't get confused when doing future comparisons. We have the makefile in tree now, so we need to keep it in sync with the the version were using. I'm not sure why the repo does not look the same as the release, it is a bit odd. We should probably add to the AP_Scripting readme where exactly the source is from. |
In particular this fixes some exceedingly rare/impossible use-after-frees. Add the new docs from the distribution and clarify where we get our code from. To maintain our alterations, the following patches have been applied to the source from upstream's repository (1221e987...75ea9ccb) to bring the source up to date: * Bug: Long brackets with a huge number of '=' causes overflow A long bracket with too many equal signs can overflow the 'int' used for the counting and some arithmetic done on the value. Changing the counter to 'size_t' avoids that. (Because what is counted goes to a buffer, an overflow in the counter will first raise a buffer-overflow error.) * Fixed bug in 'lua_upvaluejoin' Bug-fix: joining an upvalue with itself could cause a use-after-free crash. * Fixed typos in comments * Fixed missing GC barriers in compiler and undump While building a new prototype, the GC needs barriers for every object (strings and nested prototypes) that is attached to the new prototype. * Updated release number and copyright year * Fixed bug: invalid mode can crash 'io.popen' * Fixed bug: Negation overflow in getlocal/setlocal * 'realloc' can fail when shrinking a block According to ISO C, 'realloc' can fail when shrinking a block. If that happens, 'l_alloc' simply ignores the fail and returns the original block. * Fixed bug of long strings in binary chunks When "undumping" a long string, the function 'LoadVector' can call the reader function, which can run the garbage collector, which can collect the string being read. So, the string must be anchored during the call to 'LoadVector'.
tpwrules
force-pushed
the
pr/lua-5.3.6
branch
from
a301de9 to
9a71aaa
Compare
|
Added those clarifications, thanks. |
|
@IamPete1 looks good to me, but I'd like to give you a chance to review/approve before merging |
In particular this fixes some exceedingly rare/impossible use-after-frees. The serious ones aren't actually accessible in our scripting engine.
To maintain our alterations, I applied source patches generated from the source repository manually instead of simply overwriting the code. Please see the commit message for full details.
Tested by flying scripting aerobatics on SITL on HW on Cube Orange.
The size overhead is negligible: