[Rpm-maint] [rpm-software-management/rpm] Make rpmluaCallStringFunction more robust (PR #1839)

Michael Schroeder notifications at github.com
Mon Nov 22 09:50:31 UTC 2021


Doing the function lookup with calls to lua_getfield is dangerous
because the lookup might trigger an __index function that may
contain an error. This results in the lua library calling abort()
as no exception handler is set.

So change the code to do the lookup via a pcall(). Also do the
string conversion with a pcall() because tostring is also not
safe.
You can view, comment on, or merge this pull request online at:

  https://github.com/rpm-software-management/rpm/pull/1839

-- Commit Summary --

  * Make rpmluaCallStringFunction more robust

-- File Changes --

    M rpmio/rpmlua.c (62)

-- Patch Links --

https://github.com/rpm-software-management/rpm/pull/1839.patch
https://github.com/rpm-software-management/rpm/pull/1839.diff

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1839
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20211122/12107708/attachment.html>


More information about the Rpm-maint mailing list