From 82d721a8554df9b14ff520b4dd55ce5303ab560e Mon Sep 17 00:00:00 2001 From: Roberto I Date: Wed, 10 Dec 2025 10:35:05 -0300 Subject: [PATCH 01/23] Format adjust in the manual Lists in inline code don't get a space after commas. (That keeps the code more compact and avoids line breaks in the middle of the code.) --- manual/manual.of | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/manual/manual.of b/manual/manual.of index 317adcaa4d..5fa4e097e1 100644 --- a/manual/manual.of +++ b/manual/manual.of @@ -2091,12 +2091,12 @@ Note that keys that are not positive integers do not interfere with borders. A table with exactly one border is called a @def{sequence}. -For instance, the table @T{{10, 20, 30, 40, 50}} is a sequence, +For instance, the table @T{{10,20,30,40,50}} is a sequence, as it has only one border (5). -The table @T{{10, 20, 30, nil, 50}} has two borders (3 and 5), +The table @T{{10,20,30,nil,50}} has two borders (3 and 5), and therefore it is not a sequence. (The @nil at index 4 is called a @emphx{hole}.) -The table @T{{nil, 20, 30, nil, nil, 60, nil}} +The table @T{{nil,20,30,nil,nil,60,nil}} has three borders (0, 3, and 6), so it is not a sequence, too. The table @T{{}} is a sequence with border 0. @@ -2449,22 +2449,22 @@ These are the places where Lua expects a list of expressions: @description{ @item{A @rw{return} statement, -for instance @T{return e1, e2, e3} @see{control}.} +for instance @T{return e1,e2,e3} @see{control}.} @item{A table constructor, -for instance @T{{e1, e2, e3}} @see{tableconstructor}.} +for instance @T{{e1,e2,e3}} @see{tableconstructor}.} @item{The arguments of a function call, -for instance @T{foo(e1, e2, e3)} @see{functioncall}.} +for instance @T{foo(e1,e2,e3)} @see{functioncall}.} @item{A multiple assignment, -for instance @T{a, b, c = e1, e2, e3} @see{assignment}.} +for instance @T{a,b,c = e1,e2,e3} @see{assignment}.} @item{A local or global declaration, which is similar to a multiple assignment.} @item{The initial values in a generic @rw{for} loop, -for instance @T{for k in e1, e2, e3 do ... end} @see{for}.} +for instance @T{for k in e1,e2,e3 do ... end} @see{for}.} } In the last four cases, @@ -2501,7 +2501,7 @@ we recommend assigning the vararg expression to a single variable and using that variable in its place. -Here are some examples of uses of mutlres expressions. +Here are some examples of uses of multires expressions. In all cases, when the construction needs @Q{the n-th result} and there is no such result, it uses a @nil. @@ -3107,7 +3107,7 @@ void *luaL_alloc (void *ud, void *ptr, size_t osize, } Note that @N{ISO C} ensures that @T{free(NULL)} has no effect and that -@T{realloc(NULL, size)} is equivalent to @T{malloc(size)}. +@T{realloc(NULL,size)} is equivalent to @T{malloc(size)}. } @@ -3879,7 +3879,7 @@ is a seed for the hashing of strings. @apii{0,1,m} Creates a new empty table and pushes it onto the stack. -It is equivalent to @T{lua_createtable(L, 0, 0)}. +It is equivalent to @T{lua_createtable(L,0,0)}. } @@ -5583,7 +5583,7 @@ Its pattern of use is as follows: @item{First declare a variable @id{b} of type @Lid{luaL_Buffer}.} -@item{Then initialize it with a call @T{luaL_buffinit(L, &b)}.} +@item{Then initialize it with a call @T{luaL_buffinit(L,&b)}.} @item{ Then add string pieces to the buffer calling any of @@ -5604,12 +5604,12 @@ you can use the buffer like this: @item{First declare a variable @id{b} of type @Lid{luaL_Buffer}.} @item{Then initialize it and preallocate a space of -size @id{sz} with a call @T{luaL_buffinitsize(L, &b, sz)}.} +size @id{sz} with a call @T{luaL_buffinitsize(L,&b,sz)}.} @item{Then produce the string into that space.} @item{ -Finish by calling @T{luaL_pushresultsize(&b, sz)}, +Finish by calling @T{luaL_pushresultsize(&b,sz)}, where @id{sz} is the total size of the resulting string copied into that space (which may be less than or equal to the preallocated size). @@ -6214,7 +6214,7 @@ You should not manually set integer keys in the table after the first use of @Lid{luaL_ref}. You can retrieve an object referred by the reference @id{r} -by calling @T{lua_rawgeti(L, t, r)} or @T{lua_geti(L, t, r)}. +by calling @T{lua_rawgeti(L,t,r)} or @T{lua_geti(L,t,r)}. The function @Lid{luaL_unref} frees a reference. If the object on the top of the stack is @nil, @@ -7744,7 +7744,7 @@ If @id{j} is absent, then it is assumed to be equal to @num{-1} In particular, the call @T{string.sub(s,1,j)} returns a prefix of @id{s} with length @id{j}, -and @T{string.sub(s, -i)} (for a positive @id{i}) +and @T{string.sub(s,-i)} (for a positive @id{i}) returns a suffix of @id{s} with length @id{i}. @@ -8180,7 +8180,7 @@ the function returns @fail. A negative @id{n} gets characters before position @id{i}. The default for @id{i} is 1 when @id{n} is non-negative and @T{#s + 1} otherwise, -so that @T{utf8.offset(s, -n)} gets the offset of the +so that @T{utf8.offset(s,-n)} gets the offset of the @id{n}-th character from the end of the string. As a special case, @@ -8233,7 +8233,7 @@ the table will have; its default is zero. Inserts element @id{value} at position @id{pos} in @id{list}, shifting up the elements -@T{list[pos], list[pos+1], @Cdots, list[#list]}. +@T{list[pos],list[pos+1],@Cdots,list[#list]}. The default value for @id{pos} is @T{#list+1}, so that a call @T{table.insert(t,x)} inserts @id{x} at the end of the list @id{t}. @@ -8271,7 +8271,7 @@ Removes from @id{list} the element at position @id{pos}, returning the value of the removed element. When @id{pos} is an integer between 1 and @T{#list}, it shifts down the elements -@T{list[pos+1], list[pos+2], @Cdots, list[#list]} +@T{list[pos+1],list[pos+2],@Cdots,list[#list]} and erases element @T{list[#list]}; The index @id{pos} can also be 0 when @T{#list} is 0, or @T{#list + 1}. From 3d03ae5bd6314f27c8635e06ec363150c2c19062 Mon Sep 17 00:00:00 2001 From: Roberto I Date: Sat, 13 Dec 2025 11:00:30 -0300 Subject: [PATCH 02/23] 'luaL_newstate' starts state with warnings on It is easier to forget to turn them on then to turn them off. --- lauxlib.c | 2 +- lua.c | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/lauxlib.c b/lauxlib.c index 1bb41bb1da..7cf90cb78a 100644 --- a/lauxlib.c +++ b/lauxlib.c @@ -1185,7 +1185,7 @@ LUALIB_API lua_State *(luaL_newstate) (void) { lua_State *L = lua_newstate(luaL_alloc, NULL, luaL_makeseed(NULL)); if (l_likely(L)) { lua_atpanic(L, &panic); - lua_setwarnf(L, warnfoff, L); /* default is warnings off */ + lua_setwarnf(L, warnfon, L); } return L; } diff --git a/lua.c b/lua.c index b2967a447d..5054583de9 100644 --- a/lua.c +++ b/lua.c @@ -349,6 +349,7 @@ static int collectargs (char **argv, int *first) { */ static int runargs (lua_State *L, char **argv, int n) { int i; + lua_warning(L, "@off", 0); /* by default, Lua stand-alone has warnings off */ for (i = 1; i < n; i++) { int option = argv[i][1]; lua_assert(argv[i][0] == '-'); /* already checked */ @@ -725,7 +726,7 @@ static int pmain (lua_State *L) { if (handle_luainit(L) != LUA_OK) /* run LUA_INIT */ return 0; /* error running LUA_INIT */ } - if (!runargs(L, argv, optlim)) /* execute arguments -e and -l */ + if (!runargs(L, argv, optlim)) /* execute arguments -e, -l, and -W */ return 0; /* something failed */ if (script > 0) { /* execute main script (if there is one) */ if (handle_script(L, argv + script) != LUA_OK) From a5522f06d2679b8f18534fd6a9968f7eb539dc31 Mon Sep 17 00:00:00 2001 From: Roberto I Date: Sat, 13 Dec 2025 16:16:59 -0300 Subject: [PATCH 03/23] GC checks stack space before running finalizer If the stack does not have some minimum available space, the GC defers calling a finalizer until the next cycle. That avoids errors while running a finalizer that the programmer cannot control. --- ldo.c | 11 +++++++++++ ldo.h | 1 + lgc.c | 7 ++++--- 3 files changed, 16 insertions(+), 3 deletions(-) diff --git a/ldo.c b/ldo.c index 75ce14889a..6d0184ecd5 100644 --- a/ldo.c +++ b/ldo.c @@ -220,6 +220,17 @@ l_noret luaD_errerr (lua_State *L) { } +/* +** Check whether stack has enough space to run a simple function (such +** as a finalizer): At least BASIC_STACK_SIZE in the Lua stack and +** 2 slots in the C stack. +*/ +int luaD_checkminstack (lua_State *L) { + return ((stacksize(L) < MAXSTACK - BASIC_STACK_SIZE) && + (getCcalls(L) < LUAI_MAXCCALLS - 2)); +} + + /* ** In ISO C, any pointer use after the pointer has been deallocated is ** undefined behavior. So, before a stack reallocation, all pointers diff --git a/ldo.h b/ldo.h index 2d4ca8be46..b64729541c 100644 --- a/ldo.h +++ b/ldo.h @@ -89,6 +89,7 @@ LUAI_FUNC int luaD_reallocstack (lua_State *L, int newsize, int raiseerror); LUAI_FUNC int luaD_growstack (lua_State *L, int n, int raiseerror); LUAI_FUNC void luaD_shrinkstack (lua_State *L); LUAI_FUNC void luaD_inctop (lua_State *L); +LUAI_FUNC int luaD_checkminstack (lua_State *L); LUAI_FUNC l_noret luaD_throw (lua_State *L, TStatus errcode); LUAI_FUNC l_noret luaD_throwbaselevel (lua_State *L, TStatus errcode); diff --git a/lgc.c b/lgc.c index 60f042c7a8..c64d74b8e8 100644 --- a/lgc.c +++ b/lgc.c @@ -1293,7 +1293,7 @@ static void finishgencycle (lua_State *L, global_State *g) { correctgraylists(g); checkSizes(L, g); g->gcstate = GCSpropagate; /* skip restart */ - if (!g->gcemergency) + if (!g->gcemergency && luaD_checkminstack(L)) callallpendingfinalizers(L); } @@ -1667,12 +1667,13 @@ static l_mem singlestep (lua_State *L, int fast) { break; } case GCScallfin: { /* call finalizers */ - if (g->tobefnz && !g->gcemergency) { + if (g->tobefnz && !g->gcemergency && luaD_checkminstack(L)) { g->gcstopem = 0; /* ok collections during finalizers */ GCTM(L); /* call one finalizer */ stepresult = CWUFIN; } - else { /* emergency mode or no more finalizers */ + else { /* no more finalizers or emergency mode or no enough stack + to run finalizers */ g->gcstate = GCSpause; /* finish collection */ stepresult = step2pause; } From 578ae5745cecee56d48795cd4ae1eaf13618715c Mon Sep 17 00:00:00 2001 From: Roberto I Date: Tue, 23 Dec 2025 14:44:06 -0300 Subject: [PATCH 04/23] Details typo in comment + formatting + logical 'and' was written as a bitwise operation (makes code more fragile) --- lapi.c | 2 +- lgc.c | 2 +- lstrlib.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/lapi.c b/lapi.c index 27fa524797..42c8fcdd70 100644 --- a/lapi.c +++ b/lapi.c @@ -366,7 +366,7 @@ LUA_API int lua_compare (lua_State *L, int index1, int index2, int op) { } -LUA_API unsigned (lua_numbertocstring) (lua_State *L, int idx, char *buff) { +LUA_API unsigned lua_numbertocstring (lua_State *L, int idx, char *buff) { const TValue *o = index2value(L, idx); if (ttisnumber(o)) { unsigned len = luaO_tostringbuff(o, buff); diff --git a/lgc.c b/lgc.c index c64d74b8e8..f1d9a7ce8a 100644 --- a/lgc.c +++ b/lgc.c @@ -1672,7 +1672,7 @@ static l_mem singlestep (lua_State *L, int fast) { GCTM(L); /* call one finalizer */ stepresult = CWUFIN; } - else { /* no more finalizers or emergency mode or no enough stack + else { /* no more finalizers or emergency mode or not enough stack to run finalizers */ g->gcstate = GCSpause; /* finish collection */ stepresult = step2pause; diff --git a/lstrlib.c b/lstrlib.c index 23df839ea0..e26eb1a8de 100644 --- a/lstrlib.c +++ b/lstrlib.c @@ -968,7 +968,7 @@ static int str_gsub (lua_State *L) { reprepstate(&ms); /* (re)prepare state for new match */ if ((e = match(&ms, src, p)) != NULL && e != lastmatch) { /* match? */ n++; - changed = add_value(&ms, &b, src, e, tr) | changed; + changed = add_value(&ms, &b, src, e, tr) || changed; src = lastmatch = e; } else if (src < ms.src_end) /* otherwise, skip one character */ From 632a71b24d8661228a726deb5e1698e9638f96d8 Mon Sep 17 00:00:00 2001 From: Roberto I Date: Sat, 27 Dec 2025 16:22:13 -0300 Subject: [PATCH 05/23] BUG: Arithmetic overflow in 'collectgarbage"step"' The computation of a new debt could overflow when we give a too large step to 'collectgarbage"step"' and the current debt was already negative. This is only an issue if your platform cares for it or if you compile Lua with an option like '-fsanitize=undefined'. --- lapi.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/lapi.c b/lapi.c index 42c8fcdd70..9b6ca1ecfb 100644 --- a/lapi.c +++ b/lapi.c @@ -1201,11 +1201,16 @@ LUA_API int lua_gc (lua_State *L, int what, ...) { case LUA_GCSTEP: { lu_byte oldstp = g->gcstp; l_mem n = cast(l_mem, va_arg(argp, size_t)); + l_mem newdebt; int work = 0; /* true if GC did some work */ g->gcstp = 0; /* allow GC to run (other bits must be zero here) */ if (n <= 0) - n = g->GCdebt; /* force to run one basic step */ - luaE_setdebt(g, g->GCdebt - n); + newdebt = 0; /* force to run one basic step */ + else if (g->GCdebt >= n - MAX_LMEM) /* no overflow? */ + newdebt = g->GCdebt - n; + else /* overflow */ + newdebt = -MAX_LMEM; /* set debt to miminum value */ + luaE_setdebt(g, newdebt); luaC_condGC(L, (void)0, work = 1); if (work && g->gcstate == GCSpause) /* end of cycle? */ res = 1; /* signal it */ From c4e2c91973fed04e7da940c00c92f10f9eb0f9ec Mon Sep 17 00:00:00 2001 From: Roberto I Date: Tue, 30 Dec 2025 10:50:49 -0300 Subject: [PATCH 06/23] Details Some comments still talked about bit 'isrealasize', which has been removed. --- ltable.c | 7 +++---- ltm.h | 2 +- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/ltable.c b/ltable.c index b7f88f6ffe..2f61be84b2 100644 --- a/ltable.c +++ b/ltable.c @@ -651,10 +651,9 @@ static void reinserthash (lua_State *L, Table *ot, Table *t) { /* -** Exchange the hash part of 't1' and 't2'. (In 'flags', only the -** dummy bit must be exchanged: The 'isrealasize' is not related -** to the hash part, and the metamethod bits do not change during -** a resize, so the "real" table can keep their values.) +** Exchange the hash part of 't1' and 't2'. (In 'flags', only the dummy +** bit must be exchanged: The metamethod bits do not change during a +** resize, so the "real" table can keep their values.) */ static void exchangehashpart (Table *t1, Table *t2) { lu_byte lsizenode = t1->lsizenode; diff --git a/ltm.h b/ltm.h index 07fc8c1c98..afc7ad00e2 100644 --- a/ltm.h +++ b/ltm.h @@ -49,7 +49,7 @@ typedef enum { ** Mask with 1 in all fast-access methods. A 1 in any of these bits ** in the flag of a (meta)table means the metatable does not have the ** corresponding metamethod field. (Bit 6 of the flag indicates that -** the table is using the dummy node; bit 7 is used for 'isrealasize'.) +** the table is using the dummy node.) */ #define maskflags cast_byte(~(~0u << (TM_EQ + 1))) From 962f444a755882ecfc24ca7e96ffe193d64ed12d Mon Sep 17 00:00:00 2001 From: Roberto I Date: Sun, 4 Jan 2026 16:27:54 -0300 Subject: [PATCH 07/23] Details In an assignment like 'a = &b', is looks suspicious if 'a' has a scope larger than 'b'. --- ltable.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/ltable.c b/ltable.c index 2f61be84b2..2f2b5c1f5c 100644 --- a/ltable.c +++ b/ltable.c @@ -1155,14 +1155,15 @@ void luaH_finishset (lua_State *L, Table *t, const TValue *key, lua_assert(hres != HOK); if (hres == HNOTFOUND) { TValue aux; + const TValue *actk = key; /* actual key to insert */ if (l_unlikely(ttisnil(key))) luaG_runerror(L, "table index is nil"); else if (ttisfloat(key)) { lua_Number f = fltvalue(key); lua_Integer k; - if (luaV_flttointeger(f, &k, F2Ieq)) { - setivalue(&aux, k); /* key is equal to an integer */ - key = &aux; /* insert it as an integer */ + if (luaV_flttointeger(f, &k, F2Ieq)) { /* is key equal to an integer? */ + setivalue(&aux, k); + actk = &aux; /* use the integer as the key */ } else if (l_unlikely(luai_numisnan(f))) luaG_runerror(L, "table index is NaN"); @@ -1175,7 +1176,7 @@ void luaH_finishset (lua_State *L, Table *t, const TValue *key, L->top.p--; return; } - luaH_newkey(L, t, key, value); + luaH_newkey(L, t, actk, value); } else if (hres > 0) { /* regular Node? */ setobj2t(L, gval(gnode(t, hres - HFIRSTNODE)), value); From 45c7ae5b1b05069543fe1710454c651350bc1c42 Mon Sep 17 00:00:00 2001 From: Roberto I Date: Sun, 4 Jan 2026 16:31:17 -0300 Subject: [PATCH 08/23] BUG: Possible overflow in 'string.packsize' 'string.packsize' can overflow result in 32-bit machines using 64-bit integers, as LUA_MAXINTEGER may not fit into size_t. --- lstrlib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lstrlib.c b/lstrlib.c index e26eb1a8de..06ea10d9f6 100644 --- a/lstrlib.c +++ b/lstrlib.c @@ -1726,7 +1726,7 @@ static int str_packsize (lua_State *L) { luaL_argcheck(L, opt != Kstring && opt != Kzstr, 1, "variable-length format"); size += ntoalign; /* total space used by option */ - luaL_argcheck(L, totalsize <= LUA_MAXINTEGER - size, + luaL_argcheck(L, totalsize <= MAX_SIZE - size, 1, "format result too large"); totalsize += size; } From 5cfc725a8b61a6f96c7324f60ac26739315095ba Mon Sep 17 00:00:00 2001 From: Roberto I Date: Sun, 4 Jan 2026 16:39:22 -0300 Subject: [PATCH 09/23] Special case for 'string.rep' over an empty string --- lauxlib.h | 6 +++--- lstrlib.c | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/lauxlib.h b/lauxlib.h index 7f1d3ca195..2d015362ff 100644 --- a/lauxlib.h +++ b/lauxlib.h @@ -81,8 +81,8 @@ LUALIB_API int (luaL_checkoption) (lua_State *L, int arg, const char *def, LUALIB_API int (luaL_fileresult) (lua_State *L, int stat, const char *fname); LUALIB_API int (luaL_execresult) (lua_State *L, int stat); -LUALIB_API void *luaL_alloc (void *ud, void *ptr, size_t osize, - size_t nsize); +LUALIB_API void *(luaL_alloc) (void *ud, void *ptr, size_t osize, + size_t nsize); /* predefined references */ @@ -103,7 +103,7 @@ LUALIB_API int (luaL_loadstring) (lua_State *L, const char *s); LUALIB_API lua_State *(luaL_newstate) (void); -LUALIB_API unsigned luaL_makeseed (lua_State *L); +LUALIB_API unsigned (luaL_makeseed) (lua_State *L); LUALIB_API lua_Integer (luaL_len) (lua_State *L, int idx); diff --git a/lstrlib.c b/lstrlib.c index 06ea10d9f6..874cec8086 100644 --- a/lstrlib.c +++ b/lstrlib.c @@ -141,8 +141,8 @@ static int str_rep (lua_State *L) { const char *s = luaL_checklstring(L, 1, &len); lua_Integer n = luaL_checkinteger(L, 2); const char *sep = luaL_optlstring(L, 3, "", &lsep); - if (n <= 0) - lua_pushliteral(L, ""); + if (n <= 0 || (len | lsep) == 0) + lua_pushliteral(L, ""); /* no repetitions or both strings empty */ else if (l_unlikely(len > MAX_SIZE - lsep || cast_st2S(len + lsep) > cast_st2S(MAX_SIZE) / n)) return luaL_error(L, "resulting string too large"); From 2a7cf4f319fc276f4554a8f6364e6b1ba4eb2ded Mon Sep 17 00:00:00 2001 From: Roberto I Date: Sun, 11 Jan 2026 15:36:03 -0300 Subject: [PATCH 10/23] More effort in avoiding errors in finalizers Before calling a finalizer, Lua not only checks stack limits, but actually ensures that a minimum number of slots are already allocated for the call. (If it cannot ensure that, it postpones the finalizer.) That avoids finalizers not running due to memory errors that the programmer cannot control. --- ldo.c | 20 ++++++++++++++------ lgc.c | 2 +- lstate.c | 17 +++++++++++------ lstate.h | 2 +- ltests.c | 23 +++++++++++++++++++++++ testes/gc.lua | 42 ++++++++++++++++++++++++++++++++++++++++++ testes/memerr.lua | 19 +++++++++++++++++++ testes/tracegc.lua | 9 +++++++-- 8 files changed, 118 insertions(+), 16 deletions(-) diff --git a/ldo.c b/ldo.c index 6d0184ecd5..12e0364b98 100644 --- a/ldo.c +++ b/ldo.c @@ -221,13 +221,21 @@ l_noret luaD_errerr (lua_State *L) { /* -** Check whether stack has enough space to run a simple function (such -** as a finalizer): At least BASIC_STACK_SIZE in the Lua stack and -** 2 slots in the C stack. +** Check whether stacks have enough space to run a simple function (such +** as a finalizer): At least BASIC_STACK_SIZE in the Lua stack, two +** available CallInfos, and two "slots" in the C stack. */ int luaD_checkminstack (lua_State *L) { - return ((stacksize(L) < MAXSTACK - BASIC_STACK_SIZE) && - (getCcalls(L) < LUAI_MAXCCALLS - 2)); + if (getCcalls(L) >= LUAI_MAXCCALLS - 2) + return 0; /* not enough C-stack slots */ + if (L->ci->next == NULL && luaE_extendCI(L, 0) == NULL) + return 0; /* unable to allocate first ci */ + if (L->ci->next->next == NULL && luaE_extendCI(L, 0) == NULL) + return 0; /* unable to allocate second ci */ + if (L->stack_last.p - L->top.p >= BASIC_STACK_SIZE) + return 1; /* enough (BASIC_STACK_SIZE) free slots in the Lua stack */ + else /* try to grow stack to a size with enough free slots */ + return luaD_growstack(L, BASIC_STACK_SIZE, 0); } @@ -616,7 +624,7 @@ void luaD_poscall (lua_State *L, CallInfo *ci, int nres) { -#define next_ci(L) (L->ci->next ? L->ci->next : luaE_extendCI(L)) +#define next_ci(L) (L->ci->next ? L->ci->next : luaE_extendCI(L, 1)) /* diff --git a/lgc.c b/lgc.c index f1d9a7ce8a..0f89451c64 100644 --- a/lgc.c +++ b/lgc.c @@ -1293,7 +1293,7 @@ static void finishgencycle (lua_State *L, global_State *g) { correctgraylists(g); checkSizes(L, g); g->gcstate = GCSpropagate; /* skip restart */ - if (!g->gcemergency && luaD_checkminstack(L)) + if (g->tobefnz != NULL && !g->gcemergency && luaD_checkminstack(L)) callallpendingfinalizers(L); } diff --git a/lstate.c b/lstate.c index 70a11aaec6..7d34199198 100644 --- a/lstate.c +++ b/lstate.c @@ -68,14 +68,19 @@ void luaE_setdebt (global_State *g, l_mem debt) { } -CallInfo *luaE_extendCI (lua_State *L) { +CallInfo *luaE_extendCI (lua_State *L, int err) { CallInfo *ci; - lua_assert(L->ci->next == NULL); - ci = luaM_new(L, CallInfo); - lua_assert(L->ci->next == NULL); - L->ci->next = ci; + ci = luaM_reallocvector(L, NULL, 0, 1, CallInfo); + if (l_unlikely(ci == NULL)) { /* allocation failed? */ + if (err) + luaM_error(L); /* raise the error */ + return NULL; /* else only report it */ + } + ci->next = L->ci->next; ci->previous = L->ci; - ci->next = NULL; + L->ci->next = ci; + if (ci->next) + ci->next->previous = ci; ci->u.l.trap = 0; L->nci++; return ci; diff --git a/lstate.h b/lstate.h index 20dc4d24f0..013872835d 100644 --- a/lstate.h +++ b/lstate.h @@ -438,7 +438,7 @@ union GCUnion { LUAI_FUNC void luaE_setdebt (global_State *g, l_mem debt); LUAI_FUNC void luaE_freethread (lua_State *L, lua_State *L1); LUAI_FUNC lu_mem luaE_threadsize (lua_State *L); -LUAI_FUNC CallInfo *luaE_extendCI (lua_State *L); +LUAI_FUNC CallInfo *luaE_extendCI (lua_State *L, int err); LUAI_FUNC void luaE_shrinkCI (lua_State *L); LUAI_FUNC void luaE_checkcstack (lua_State *L); LUAI_FUNC void luaE_incCstack (lua_State *L); diff --git a/ltests.c b/ltests.c index c4905f9487..ce2b20ca5e 100644 --- a/ltests.c +++ b/ltests.c @@ -1106,6 +1106,27 @@ static int stacklevel (lua_State *L) { } +static int resetCI (lua_State *L) { + CallInfo *ci = L->ci; + while (ci->next != NULL) { + CallInfo *tofree = ci->next; + ci->next = ci->next->next; + luaM_free(L, tofree); + L->nci--; + } + return 0; +} + + +static int reallocstack (lua_State *L) { + int n = cast_int(luaL_checkinteger(L, 1)); + lua_lock(L); + luaD_reallocstack(L, cast_int(L->top.p - L->stack.p) + n, 1); + lua_unlock(L); + return 0; +} + + static int table_query (lua_State *L) { const Table *t; int i = cast_int(luaL_optinteger(L, 2, -1)); @@ -2182,6 +2203,8 @@ static const struct luaL_Reg tests_funcs[] = { {"s2d", s2d}, {"sethook", sethook}, {"stacklevel", stacklevel}, + {"resetCI", resetCI}, + {"reallocstack", reallocstack}, {"sizes", get_sizes}, {"testC", testC}, {"makeCfunc", makeCfunc}, diff --git a/testes/gc.lua b/testes/gc.lua index 62713dac64..e50d9029b0 100644 --- a/testes/gc.lua +++ b/testes/gc.lua @@ -707,4 +707,46 @@ end collectgarbage(oldmode) + +if T then + print("testing stack issues when calling finalizers") + + local X + local obj + + local function initobj () + X = false + obj = setmetatable({}, {__gc = function () X = true end}) + end + + local function loop (n) + if n > 0 then loop(n - 1) end + end + + -- should not try to call finalizer without a CallInfo available + initobj() + loop(20) -- ensure stack space + T.resetCI() -- remove extra CallInfos + T.alloccount(0) -- cannot allocate more CallInfos + obj = nil + collectgarbage() -- will not call finalizer + T.alloccount() + assert(X == false) + collectgarbage() -- now will call finalizer (it was still pending) + assert(X == true) + + -- should not try to call finalizer without stack space available + initobj() + loop(5) -- ensure enough CallInfos + T.reallocstack(0) -- remove extra stack slots + T.alloccount(0) -- cannot reallocate stack + obj = nil + collectgarbage() -- will not call finalizer + T.alloccount() + assert(X == false) + collectgarbage() -- now will call finalizer (it was still pending) + assert(X == true) +end + + print('OK') diff --git a/testes/memerr.lua b/testes/memerr.lua index 9c940ca79a..a55514a9e8 100644 --- a/testes/memerr.lua +++ b/testes/memerr.lua @@ -282,6 +282,25 @@ testamem("growing stack", function () return foo(100) end) + +collectgarbage() +collectgarbage() +global io, T, setmetatable, collectgarbage, print + +local Count = 0 +testamem("finalizers", function () + local X = false + local obj = setmetatable({}, {__gc = function () X = true end}) + obj = nil + T.resetCI() -- remove extra CallInfos + T.reallocstack(18) -- remove extra stack slots + Count = Count + 1 + io.stderr:write(Count, "\n") + T.trick(io) + collectgarbage() + return X +end) + -- }================================================================== diff --git a/testes/tracegc.lua b/testes/tracegc.lua index a8c929dffd..c1154f90f2 100644 --- a/testes/tracegc.lua +++ b/testes/tracegc.lua @@ -1,10 +1,15 @@ -- track collections + local M = {} -- import list -local setmetatable, stderr, collectgarbage = - setmetatable, io.stderr, collectgarbage +local stderr, collectgarbage = io.stderr, collectgarbage + +-- the debug version of setmetatable does not create any object (such as +-- a '__metatable' string), and so it is more appropriate to be used in +-- a finalizer +local setmetatable = require"debug".setmetatable global none From f5d1e8639bf5df24c761602354218df21f796a30 Mon Sep 17 00:00:00 2001 From: Roberto I Date: Fri, 16 Jan 2026 16:38:44 -0300 Subject: [PATCH 11/23] New compile option LUA_COMPAT_LOOPVAR When on, this option makes for-loop control variables not read only. --- lparser.c | 13 +++++++++++-- luaconf.h | 7 +++++++ 2 files changed, 18 insertions(+), 2 deletions(-) diff --git a/lparser.c b/lparser.c index b3855d4cb6..b27463af3e 100644 --- a/lparser.c +++ b/lparser.c @@ -1682,13 +1682,22 @@ static void forbody (LexState *ls, int base, int line, int nvars, int isgen) { } +/* +** Control whether for-loop control variables are read-only +*/ +#if defined(LUA_COMPAT_LOOPVAR) +#define LOOPVARKIND VDKREG +#else /* by default, these variables are read only */ +#define LOOPVARKIND RDKCONST +#endif + static void fornum (LexState *ls, TString *varname, int line) { /* fornum -> NAME = exp,exp[,exp] forbody */ FuncState *fs = ls->fs; int base = fs->freereg; new_localvarliteral(ls, "(for state)"); new_localvarliteral(ls, "(for state)"); - new_varkind(ls, varname, RDKCONST); /* control variable */ + new_varkind(ls, varname, LOOPVARKIND); /* control variable */ checknext(ls, '='); exp1(ls); /* initial value */ checknext(ls, ','); @@ -1715,7 +1724,7 @@ static void forlist (LexState *ls, TString *indexname) { new_localvarliteral(ls, "(for state)"); /* iterator function */ new_localvarliteral(ls, "(for state)"); /* state */ new_localvarliteral(ls, "(for state)"); /* closing var. (after swap) */ - new_varkind(ls, indexname, RDKCONST); /* control variable */ + new_varkind(ls, indexname, LOOPVARKIND); /* control variable */ /* other declared variables */ while (testnext(ls, ',')) { new_localvar(ls, str_checkname(ls)); diff --git a/luaconf.h b/luaconf.h index 96a77802b9..f076c98472 100644 --- a/luaconf.h +++ b/luaconf.h @@ -342,6 +342,13 @@ #define LUA_COMPAT_GLOBAL +/* +@@ LUA_COMPAT_LOOPVAR makes for-loop control variables not read-only, +** as they were in previous versions. +*/ +/* #define LUA_COMPAT_LOOPVAR */ + + /* @@ LUA_COMPAT_MATHLIB controls the presence of several deprecated ** functions in the mathematical library. From e992c6a95939c8e1fe357bfce481e0d0c762c3c6 Mon Sep 17 00:00:00 2001 From: Roberto Ierusalimschy Date: Tue, 20 Jan 2026 13:06:16 -0300 Subject: [PATCH 12/23] Some compilation options configurable from makefile Compilation options LUA_COMPAT_GLOBAL, LUA_COMPAT_LOOPVAR, and LUA_READLINELIB do not affect the API, so they can be changed through the make file. --- llex.c | 2 +- lparser.c | 4 ++-- ltests.h | 1 + luaconf.h | 12 ++++++++++-- manual/manual.of | 6 ++++++ 5 files changed, 20 insertions(+), 5 deletions(-) diff --git a/llex.c b/llex.c index f8bb3ea4b4..7cd9fcaf52 100644 --- a/llex.c +++ b/llex.c @@ -188,7 +188,7 @@ void luaX_setinput (lua_State *L, LexState *ls, ZIO *z, TString *source, so they cannot be collected */ ls->envn = luaS_newliteral(L, LUA_ENV); /* get env string */ ls->brkn = luaS_newliteral(L, "break"); /* get "break" string */ -#if defined(LUA_COMPAT_GLOBAL) +#if LUA_COMPAT_GLOBAL /* compatibility mode: "global" is not a reserved word */ ls->glbn = luaS_newliteral(L, "global"); /* get "global" string */ ls->glbn->extra = 0; /* mark it as not reserved */ diff --git a/lparser.c b/lparser.c index b27463af3e..6b87773ea3 100644 --- a/lparser.c +++ b/lparser.c @@ -1685,7 +1685,7 @@ static void forbody (LexState *ls, int base, int line, int nvars, int isgen) { /* ** Control whether for-loop control variables are read-only */ -#if defined(LUA_COMPAT_LOOPVAR) +#if LUA_COMPAT_LOOPVAR #define LOOPVARKIND VDKREG #else /* by default, these variables are read only */ #define LOOPVARKIND RDKCONST @@ -2120,7 +2120,7 @@ static void statement (LexState *ls) { gotostat(ls, line); break; } -#if defined(LUA_COMPAT_GLOBAL) +#if LUA_COMPAT_GLOBAL case TK_NAME: { /* compatibility code to parse global keyword when "global" is not reserved */ diff --git a/ltests.h b/ltests.h index 93096da810..f5f14cd61c 100644 --- a/ltests.h +++ b/ltests.h @@ -14,6 +14,7 @@ /* test Lua with compatibility code */ #define LUA_COMPAT_MATHLIB #undef LUA_COMPAT_GLOBAL +#define LUA_COMPAT_GLOBAL 0 #define LUA_DEBUG diff --git a/luaconf.h b/luaconf.h index f076c98472..1b72e3384a 100644 --- a/luaconf.h +++ b/luaconf.h @@ -70,15 +70,19 @@ #if defined(LUA_USE_LINUX) #define LUA_USE_POSIX #define LUA_USE_DLOPEN /* needs an extra library: -ldl */ +#if !defined(LUA_READLINELIB) #define LUA_READLINELIB "libreadline.so" #endif +#endif #if defined(LUA_USE_MACOSX) #define LUA_USE_POSIX #define LUA_USE_DLOPEN /* macOS does not need -ldl */ +#if !defined(LUA_READLINELIB) #define LUA_READLINELIB "libedit.dylib" #endif +#endif #if defined(LUA_USE_IOS) @@ -339,14 +343,18 @@ /* @@ LUA_COMPAT_GLOBAL avoids 'global' being a reserved word */ -#define LUA_COMPAT_GLOBAL +#if !defined(LUA_COMPAT_GLOBAL) +#define LUA_COMPAT_GLOBAL 1 +#endif /* @@ LUA_COMPAT_LOOPVAR makes for-loop control variables not read-only, ** as they were in previous versions. */ -/* #define LUA_COMPAT_LOOPVAR */ +#if !defined(LUA_COMPAT_LOOPVAR) +#define LUA_COMPAT_LOOPVAR 0 +#endif /* diff --git a/manual/manual.of b/manual/manual.of index 5fa4e097e1..09075346fd 100644 --- a/manual/manual.of +++ b/manual/manual.of @@ -9594,12 +9594,18 @@ change between versions. @item{ The word @Rw{global} is a reserved word. Do not use it as a regular name. + +The compilation option @id{LUA_COMPAT_GLOBAL} (see @id{luaconf.h}) +makes @id{global} a regular word. } @item{ The control variable in @Rw{for} loops is read only. If you need to change it, declare a local variable with the same name in the loop body. + +The compilation option @id{LUA_COMPAT_LOOPVAR} (see @id{luaconf.h}) +makes these variables regular (writable). } @item{ From 3360710bd3ea8da06fa5062f9d10c2719083097c Mon Sep 17 00:00:00 2001 From: Roberto I Date: Thu, 22 Jan 2026 13:47:10 -0300 Subject: [PATCH 13/23] Another way to handle option -E A pointer to function 'l_getenv' can point to the regular 'getenv' or to a dumb function (that always returns NULL) to ignore environment variables. --- lua.c | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) diff --git a/lua.c b/lua.c index 5054583de9..37fd1cb87e 100644 --- a/lua.c +++ b/lua.c @@ -374,12 +374,21 @@ static int runargs (lua_State *L, char **argv, int n) { } +static char *(*l_getenv)(const char *name); + +/* Function to ignore environment variables, used by option -E */ +static char *no_getenv (const char *name) { + UNUSED(name); + return NULL; +} + + static int handle_luainit (lua_State *L) { const char *name = "=" LUA_INITVARVERSION; - const char *init = getenv(name + 1); + const char *init = l_getenv(name + 1); if (init == NULL) { name = "=" LUA_INIT_VAR; - init = getenv(name + 1); /* try alternative name */ + init = l_getenv(name + 1); /* try alternative name */ } if (init == NULL) return LUA_OK; else if (init[0] == '@') @@ -715,17 +724,18 @@ static int pmain (lua_State *L) { if (args & has_v) /* option '-v'? */ print_version(); if (args & has_E) { /* option '-E'? */ + l_getenv = &no_getenv; /* program will ignore environment variables */ lua_pushboolean(L, 1); /* signal for libraries to ignore env. vars. */ lua_setfield(L, LUA_REGISTRYINDEX, "LUA_NOENV"); } + else + l_getenv = &getenv; luai_openlibs(L); /* open standard libraries */ createargtable(L, argv, argc, script); /* create table 'arg' */ lua_gc(L, LUA_GCRESTART); /* start GC... */ lua_gc(L, LUA_GCGEN); /* ...in generational mode */ - if (!(args & has_E)) { /* no option '-E'? */ - if (handle_luainit(L) != LUA_OK) /* run LUA_INIT */ - return 0; /* error running LUA_INIT */ - } + if (handle_luainit(L) != LUA_OK) /* run LUA_INIT */ + return 0; /* error running LUA_INIT */ if (!runargs(L, argv, optlim)) /* execute arguments -e, -l, and -W */ return 0; /* something failed */ if (script > 0) { /* execute main script (if there is one) */ From cfcaa9493b783527e5b5dfb71afb51602b3bccac Mon Sep 17 00:00:00 2001 From: Roberto I Date: Fri, 23 Jan 2026 16:25:18 -0300 Subject: [PATCH 14/23] Explanation about char* parameters in the C API --- manual/manual.of | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/manual/manual.of b/manual/manual.of index 09075346fd..893592da60 100644 --- a/manual/manual.of +++ b/manual/manual.of @@ -2692,7 +2692,19 @@ which behaves like a nil value. @sect3{constchar|@title{Pointers to Strings} -Several functions in the API return pointers (@T{const char*}) +Several functions in the API accept pointers (@T{const char*}) +to C strings. +Some of there parameters have an associated length (@T{size_t}). +Unless stated otherwise, +when there is an associated length, +the string can contain embedded zeros; +moreover, the pointer can be @id{NULL} if the length is zero. +When there is no associated length, +the pointer must point to a zero-terminated string. +In any case, the string contents should remain unchanged +until the function returns. + +Several functions in the API also return pointers (@T{const char*}) to Lua strings in the stack. (See @Lid{lua_pushfstring}, @Lid{lua_pushlstring}, @Lid{lua_pushstring}, and @Lid{lua_tolstring}. From efbc29754544dd820bfdc81edf17d7dcfad31d05 Mon Sep 17 00:00:00 2001 From: Roberto I Date: Thu, 29 Jan 2026 14:24:25 -0300 Subject: [PATCH 15/23] New year and (eventual) new release --- lua.h | 6 +++--- manual/2html | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lua.h b/lua.h index ab473dc3e4..6deaed49c2 100644 --- a/lua.h +++ b/lua.h @@ -13,13 +13,13 @@ #include -#define LUA_COPYRIGHT LUA_RELEASE " Copyright (C) 1994-2025 Lua.org, PUC-Rio" +#define LUA_COPYRIGHT LUA_RELEASE " Copyright (C) 1994-2026 Lua.org, PUC-Rio" #define LUA_AUTHORS "R. Ierusalimschy, L. H. de Figueiredo, W. Celes" #define LUA_VERSION_MAJOR_N 5 #define LUA_VERSION_MINOR_N 5 -#define LUA_VERSION_RELEASE_N 0 +#define LUA_VERSION_RELEASE_N 1 #define LUA_VERSION_NUM (LUA_VERSION_MAJOR_N * 100 + LUA_VERSION_MINOR_N) #define LUA_VERSION_RELEASE_NUM (LUA_VERSION_NUM * 100 + LUA_VERSION_RELEASE_N) @@ -521,7 +521,7 @@ struct lua_Debug { /****************************************************************************** -* Copyright (C) 1994-2025 Lua.org, PUC-Rio. +* Copyright (C) 1994-2026 Lua.org, PUC-Rio. * * Permission is hereby granted, free of charge, to any person obtaining * a copy of this software and associated documentation files (the diff --git a/manual/2html b/manual/2html index b7afd2a6e4..d3b88b349b 100755 --- a/manual/2html +++ b/manual/2html @@ -30,7 +30,7 @@ by Roberto Ierusalimschy, Luiz Henrique de Figueiredo, Waldemar Celes

Copyright -© 2025 Lua.org, PUC-Rio. All rights reserved. +© 2026 Lua.org, PUC-Rio. All rights reserved.

From c6b484823806e08e1756b1a6066a3ace6f080fae Mon Sep 17 00:00:00 2001 From: Roberto I Date: Fri, 30 Jan 2026 16:47:33 -0300 Subject: [PATCH 16/23] Environment variable for readline library name The name of the readline library can be changed from its default value through environment variable LUA_READLINELIB. --- lua.c | 24 ++++++++++++++++++------ testes/main.lua | 23 ++++++++++++++++++++++- 2 files changed, 40 insertions(+), 7 deletions(-) diff --git a/lua.c b/lua.c index 37fd1cb87e..3f4fc9f780 100644 --- a/lua.c +++ b/lua.c @@ -30,6 +30,12 @@ #define LUA_INIT_VAR "LUA_INIT" #endif +/* Name of the environment variable with the name of the readline library */ +#if !defined(LUA_RLLIB_VAR) +#define LUA_RLLIB_VAR "LUA_READLINELIB" +#endif + + #define LUA_INITVARVERSION LUA_INIT_VAR LUA_VERSUFFIX @@ -507,18 +513,24 @@ static void lua_freeline (char *line) { #include static void lua_initreadline (lua_State *L) { - void *lib = dlopen(LUA_READLINELIB, RTLD_NOW | RTLD_LOCAL); - if (lib == NULL) - lua_warning(L, "library '" LUA_READLINELIB "' not found", 0); - else { + const char *rllib = l_getenv(LUA_RLLIB_VAR); /* name of readline library */ + void *lib; /* library handle */ + if (rllib == NULL) /* no environment variable? */ + rllib = LUA_READLINELIB; /* use default name */ + lib = dlopen(rllib, RTLD_NOW | RTLD_LOCAL); + if (lib != NULL) { const char **name = cast(const char**, dlsym(lib, "rl_readline_name")); if (name != NULL) *name = "lua"; l_readline = cast(l_readlineT, cast_func(dlsym(lib, "readline"))); l_addhist = cast(l_addhistT, cast_func(dlsym(lib, "add_history"))); - if (l_readline == NULL) - lua_warning(L, "unable to load 'readline'", 0); + if (l_readline != NULL) /* could load readline function? */ + return; /* everything ok */ + /* else emit a warning */ } + lua_warning(L, "unable to load readline library '", 1); + lua_warning(L, rllib, 1); + lua_warning(L, "'", 0); } #else /* }{ */ diff --git a/testes/main.lua b/testes/main.lua index dc48dc485f..98d3695189 100644 --- a/testes/main.lua +++ b/testes/main.lua @@ -78,6 +78,9 @@ end RUN('lua -v') +RUN('lua -v > %s', out) +local release = string.match(getoutput(), "Lua (%d+%.%d+%.%d+)") + print(string.format("(temporary program file used in these tests: %s)", prog)) -- running stdin as a file @@ -167,7 +170,9 @@ checkout("10\n11\n") -- test errors in LUA_INIT NoRun('LUA_INIT:1: msg', 'env LUA_INIT="error(\'msg\')" lua') --- test option '-E' + +print("testing option '-E'") + local defaultpath, defaultCpath do @@ -192,6 +197,22 @@ assert(not string.find(defaultpath, "xxx") and string.find(defaultCpath, "lua")) +-- (LUA_READLINELIB was introduced in 5.5.1) +if release >= "5.5.1" then + print"testing readline library name" + -- should generate a warning when trying to load inexistent library "xuxu" + local env = [[LUA_READLINELIB=xuxu LUA_INIT="warn('@allow')"]] + local code = 'echo " " | env %s lua %s -W -i >%s 2>&1' + RUN(code, env, "", out) -- run code with no extra options + assert(string.find(getoutput(), + "warning: unable to load readline library 'xuxu'")) + + RUN(code, env, "-E", out) -- run again with option -E + -- no warning when LUA_READLINELIB is to be ignored + assert(not string.find(getoutput(), "warning")) +end + + -- test replacement of ';;' to default path local function convert (p) prepfile("print(package.path)") From b60e2bcd7ca4c349bd6ee7a8e929f55e04f7ca87 Mon Sep 17 00:00:00 2001 From: Roberto Ierusalimschy Date: Mon, 9 Feb 2026 13:44:27 -0300 Subject: [PATCH 17/23] Avoid an assignment of values that overlap The original code was like this, where t->u.ind.t and t->u.info overlap: t->u.ind.t = cast_byte((t->k == VLOCAL) ? t->u.var.ridx: t->u.info); --- lcode.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/lcode.c b/lcode.c index 4caa8046f6..33cbd6874f 100644 --- a/lcode.c +++ b/lcode.c @@ -827,7 +827,7 @@ void luaK_dischargevars (FuncState *fs, expdesc *e) { } /* FALLTHROUGH */ case VLOCAL: { /* already in a register */ int temp = e->u.var.ridx; - e->u.info = temp; /* (can't do a direct assignment; values overlap) */ + e->u.info = temp; /* (avoid a direct assignment; values overlap) */ e->k = VNONRELOC; /* becomes a non-relocatable value */ break; } @@ -1365,7 +1365,7 @@ void luaK_indexed (FuncState *fs, expdesc *t, expdesc *k) { luaK_exp2anyreg(fs, t); /* put it in a register */ if (t->k == VUPVAL) { lu_byte temp = cast_byte(t->u.info); /* upvalue index */ - t->u.ind.t = temp; /* (can't do a direct assignment; values overlap) */ + t->u.ind.t = temp; /* (avoid a direct assignment; values overlap) */ lua_assert(isKstr(fs, k)); fillidxk(t, k->u.info, VINDEXUP); /* literal short string */ } @@ -1373,12 +1373,13 @@ void luaK_indexed (FuncState *fs, expdesc *t, expdesc *k) { int kreg = luaK_exp2anyreg(fs, k); /* put key in some register */ lu_byte vreg = cast_byte(t->u.var.ridx); /* register with vararg param. */ lua_assert(vreg == fs->f->numparams); - t->u.ind.t = vreg; /* (avoid a direct assignment; values may overlap) */ + t->u.ind.t = vreg; /* (avoid a direct assignment; values may overlap?) */ fillidxk(t, kreg, VVARGIND); /* 't' represents 'vararg[k]' */ } else { /* register index of the table */ - t->u.ind.t = cast_byte((t->k == VLOCAL) ? t->u.var.ridx: t->u.info); + lu_byte temp = cast_byte((t->k == VLOCAL) ? t->u.var.ridx: t->u.info); + t->u.ind.t = temp; /* (avoid a direct assignment; values may overlap?) */ if (isKstr(fs, k)) fillidxk(t, k->u.info, VINDEXSTR); /* literal short string */ else if (isCint(k)) /* int. constant in proper range? */ From 7c40c5edb2364745bf0add6feb02c7c90dfbae3e Mon Sep 17 00:00:00 2001 From: Roberto Ierusalimschy Date: Tue, 10 Feb 2026 16:41:02 -0300 Subject: [PATCH 18/23] Details Spaces + added initialization to the documentation of global declarations. --- luaconf.h | 18 +++++++++--------- manual/manual.of | 2 +- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/luaconf.h b/luaconf.h index 1b72e3384a..7f2206d06d 100644 --- a/luaconf.h +++ b/luaconf.h @@ -228,17 +228,17 @@ #if !defined(LUA_PATH_DEFAULT) #define LUA_PATH_DEFAULT \ - LUA_LDIR"?.lua;" LUA_LDIR"?\\init.lua;" \ - LUA_CDIR"?.lua;" LUA_CDIR"?\\init.lua;" \ - LUA_SHRDIR"?.lua;" LUA_SHRDIR"?\\init.lua;" \ + LUA_LDIR "?.lua;" LUA_LDIR "?\\init.lua;" \ + LUA_CDIR "?.lua;" LUA_CDIR "?\\init.lua;" \ + LUA_SHRDIR "?.lua;" LUA_SHRDIR "?\\init.lua;" \ ".\\?.lua;" ".\\?\\init.lua" #endif #if !defined(LUA_CPATH_DEFAULT) #define LUA_CPATH_DEFAULT \ - LUA_CDIR"?.dll;" \ - LUA_CDIR"..\\lib\\lua\\" LUA_VDIR "\\?.dll;" \ - LUA_CDIR"loadall.dll;" ".\\?.dll" + LUA_CDIR "?.dll;" \ + LUA_CDIR "..\\lib\\lua\\" LUA_VDIR "\\?.dll;" \ + LUA_CDIR "loadall.dll;" ".\\?.dll" #endif #else /* }{ */ @@ -249,14 +249,14 @@ #if !defined(LUA_PATH_DEFAULT) #define LUA_PATH_DEFAULT \ - LUA_LDIR"?.lua;" LUA_LDIR"?/init.lua;" \ - LUA_CDIR"?.lua;" LUA_CDIR"?/init.lua;" \ + LUA_LDIR "?.lua;" LUA_LDIR "?/init.lua;" \ + LUA_CDIR "?.lua;" LUA_CDIR "?/init.lua;" \ "./?.lua;" "./?/init.lua" #endif #if !defined(LUA_CPATH_DEFAULT) #define LUA_CPATH_DEFAULT \ - LUA_CDIR"?.so;" LUA_CDIR"loadall.so;" "./?.so" + LUA_CDIR "?.so;" LUA_CDIR "loadall.so;" "./?.so" #endif #endif /* } */ diff --git a/manual/manual.of b/manual/manual.of index 893592da60..18c187f439 100644 --- a/manual/manual.of +++ b/manual/manual.of @@ -9743,7 +9743,7 @@ and @bnfNter{LiteralString}, see @See{lexical}.) @OrNL @Rw{local} @Rw{function} @bnfNter{Name} funcbody @OrNL @Rw{global} @Rw{function} @bnfNter{Name} funcbody @OrNL @Rw{local} attnamelist @bnfopt{@bnfter{=} explist} -@OrNL @Rw{global} attnamelist +@OrNL @Rw{global} attnamelist @bnfopt{@bnfter{=} explist} @OrNL @Rw{global} @bnfopt{attrib} @bnfter{*} } From 10eb89d1141dc528806b32401e408e36fb2f3bf5 Mon Sep 17 00:00:00 2001 From: Roberto I Date: Wed, 18 Feb 2026 13:24:04 -0300 Subject: [PATCH 19/23] BUG: shift overflow in utf-8 decode An initial byte \xFF will ask for 7 continuation bytes, and then the shift by (count * 5) will try to shift 35 bits. --- lutf8lib.c | 5 ++++- makefile | 2 +- testes/utf8.lua | 14 +++++++++++++- 3 files changed, 18 insertions(+), 3 deletions(-) diff --git a/lutf8lib.c b/lutf8lib.c index b7f3fe1e16..73f0e49bf6 100644 --- a/lutf8lib.c +++ b/lutf8lib.c @@ -56,6 +56,8 @@ static const char *utf8_decode (const char *s, l_uint32 *val, int strict) { l_uint32 res = 0; /* final result */ if (c < 0x80) /* ASCII? */ res = c; + else if (c >= 0xfe) /* c >= 1111 1110b ? */ + return NULL; /* would need six or more continuation bytes */ else { int count = 0; /* to count number of continuation bytes */ for (; c & 0x40; c <<= 1) { /* while it needs continuation bytes... */ @@ -64,8 +66,9 @@ static const char *utf8_decode (const char *s, l_uint32 *val, int strict) { return NULL; /* invalid byte sequence */ res = (res << 6) | (cc & 0x3F); /* add lower 6 bits from cont. byte */ } + lua_assert(count <= 5); res |= ((l_uint32)(c & 0x7F) << (count * 5)); /* add first byte */ - if (count > 5 || res > MAXUTF || res < limits[count]) + if (res > MAXUTF || res < limits[count]) return NULL; /* invalid byte sequence */ s += count; /* skip continuation bytes read */ } diff --git a/makefile b/makefile index 8674519f5f..fa165bca6a 100644 --- a/makefile +++ b/makefile @@ -60,7 +60,7 @@ CWARNS= $(CWARNSCPP) $(CWARNSC) $(CWARNGCC) # create problems; some are only available in newer gcc versions. To # use some of them, we also have to define an environment variable # ASAN_OPTIONS="detect_invalid_pointer_pairs=2". -# -fsanitize=undefined +# -fsanitize=undefined (you may need to add "-lubsan" to libs) # -fsanitize=pointer-subtract -fsanitize=address -fsanitize=pointer-compare # TESTS= -DLUA_USER_H='"ltests.h"' -Og -g diff --git a/testes/utf8.lua b/testes/utf8.lua index 028995a478..8a0213d651 100644 --- a/testes/utf8.lua +++ b/testes/utf8.lua @@ -238,10 +238,18 @@ s = "\0 \x7F\z s = string.gsub(s, " ", "") check(s, {0,0x7F, 0x80,0x7FF, 0x800,0xFFFF, 0x10000,0x10FFFF}) + +-- again, without strictness +s = "\xF0\x90\x80\x80 \xF7\xBF\xBF\xBF\z + \xF8\x88\x80\x80\x80 \xFB\xBF\xBF\xBF\xBF\z + \xFC\x84\x80\x80\x80\x80 \xFD\xBF\xBF\xBF\xBF\xBF" +s = string.gsub(s, " ", "") +check(s, {0x10000,0x1FFFFF, 0x200000,0x3FFFFFF, 0x4000000,0x7FFFFFFF}, true) + do -- original UTF-8 values local s = "\u{4000000}\u{7FFFFFFF}" - assert(#s == 12) + assert(s == "\xFC\x84\x80\x80\x80\x80\xFD\xBF\xBF\xBF\xBF\xBF") check(s, {0x4000000, 0x7FFFFFFF}, true) s = "\u{200000}\u{3FFFFFF}" @@ -257,6 +265,10 @@ local x = "日本語a-4\0éó" check(x, {26085, 26412, 35486, 97, 45, 52, 0, 233, 243}) +-- more than 5 continuation bytes +assert(not utf8.len("\xff\x8f\x8f\x8f\x8f\x8f\x8f\x8f")) + + -- Supplementary Characters check("𣲷𠜎𠱓𡁻𠵼ab𠺢", {0x23CB7, 0x2070E, 0x20C53, 0x2107B, 0x20D7C, 0x61, 0x62, 0x20EA2,}) From 9e501d9855e560b08c50fb0cf6e147af93bb497e Mon Sep 17 00:00:00 2001 From: Roberto I Date: Mon, 9 Mar 2026 16:23:03 -0300 Subject: [PATCH 20/23] Slightly better documentation for LUAI_MAXALIGN --- luaconf.h | 11 +++++++++-- manual/manual.of | 8 ++++++-- 2 files changed, 15 insertions(+), 4 deletions(-) diff --git a/luaconf.h b/luaconf.h index 7f2206d06d..5ac9d9884e 100644 --- a/luaconf.h +++ b/luaconf.h @@ -736,10 +736,17 @@ /* -@@ LUAI_MAXALIGN defines fields that, when used in a union, ensure -** maximum alignment for the other items in that union. +@@ LUAI_MAXALIGN defines fields that ensure proper alignment for +** memory areas offered by Lua (e.g., userdata memory). +** Add fields to it if you need alignment for non-ISO objects. */ +#if defined(LLONG_MAX) +/* use ISO C99 stuff */ +#define LUAI_MAXALIGN long double u; void *s; long long l +#else +/* use only C89 stuff */ #define LUAI_MAXALIGN lua_Number n; double u; void *s; lua_Integer i; long l +#endif /* }================================================================== */ diff --git a/manual/manual.of b/manual/manual.of index 18c187f439..5eb2fb1f4f 100644 --- a/manual/manual.of +++ b/manual/manual.of @@ -3915,8 +3915,12 @@ like any Lua object. This function creates and pushes on the stack a new full userdata, with @id{nuvalue} associated Lua values, called @id{user values}, plus an associated block of raw memory with @id{size} bytes. -(The user values can be set and read with the functions -@Lid{lua_setiuservalue} and @Lid{lua_getiuservalue}.) + +The user values can be set and read with the functions +@Lid{lua_setiuservalue} and @Lid{lua_getiuservalue}. +The block of memory is suitably aligned for any @N{ISO C} object. +(See macro @id{LUAI_MAXALIGN} in file @id{luaconf.h} for other +alignment requirements.) The function returns the address of the block of memory. Lua ensures that this address is valid as long as From 36d5d2b2847906aa3b66e020d5d894a14ba2bf90 Mon Sep 17 00:00:00 2001 From: Roberto I Date: Mon, 9 Mar 2026 16:24:06 -0300 Subject: [PATCH 21/23] Details --- lopcodes.c | 2 +- lutf8lib.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lopcodes.c b/lopcodes.c index 7e182315bc..c4828bfc02 100644 --- a/lopcodes.c +++ b/lopcodes.c @@ -104,7 +104,7 @@ LUAI_DDEF const lu_byte luaP_opmodes[NUM_OPCODES] = { ,opmode(0, 1, 0, 0, 1, iABC) /* OP_VARARG */ ,opmode(0, 0, 0, 0, 1, iABC) /* OP_GETVARG */ ,opmode(0, 0, 0, 0, 0, iABx) /* OP_ERRNNIL */ - ,opmode(0, 0, 1, 0, 1, iABC) /* OP_VARARGPREP */ + ,opmode(0, 0, 1, 0, 0, iABC) /* OP_VARARGPREP */ ,opmode(0, 0, 0, 0, 0, iAx) /* OP_EXTRAARG */ }; diff --git a/lutf8lib.c b/lutf8lib.c index 73f0e49bf6..0cd7f9c363 100644 --- a/lutf8lib.c +++ b/lutf8lib.c @@ -149,7 +149,7 @@ static int codepoint (lua_State *L) { static void pushutfchar (lua_State *L, int arg) { lua_Unsigned code = (lua_Unsigned)luaL_checkinteger(L, arg); luaL_argcheck(L, code <= MAXUTF, arg, "value out of range"); - lua_pushfstring(L, "%U", (long)code); + lua_pushfstring(L, "%U", cast(unsigned long, code)); } From 377cbea61b2688b21c7d243fc0f42498851df794 Mon Sep 17 00:00:00 2001 From: Roberto I Date: Mon, 9 Mar 2026 16:24:49 -0300 Subject: [PATCH 22/23] 'table.tunpack' using 'aux_getn' like the others 'table.tunpack' was not checking its first argument, which could result in error messages generated inside the API, without location information. --- ltablib.c | 11 +++++++---- testes/sort.lua | 13 +++++++++++++ 2 files changed, 20 insertions(+), 4 deletions(-) diff --git a/ltablib.c b/ltablib.c index 46ecb5e024..15c3c09f04 100644 --- a/ltablib.c +++ b/ltablib.c @@ -42,15 +42,17 @@ static int checkfield (lua_State *L, const char *key, int n) { /* ** Check that 'arg' either is a table or can behave like one (that is, -** has a metatable with the required metamethods) +** has a metatable with the required metamethods). */ static void checktab (lua_State *L, int arg, int what) { - if (lua_type(L, arg) != LUA_TTABLE) { /* is it not a table? */ + int tp = lua_type(L, arg); + if (tp != LUA_TTABLE) { /* is it not a table? */ int n = 1; /* number of elements to pop */ if (lua_getmetatable(L, arg) && /* must have metatable */ (!(what & TAB_R) || checkfield(L, "__index", ++n)) && (!(what & TAB_W) || checkfield(L, "__newindex", ++n)) && - (!(what & TAB_L) || checkfield(L, "__len", ++n))) { + (!(what & TAB_L) || /* strings don't need '__len' to have a length */ + tp == LUA_TSTRING || checkfield(L, "__len", ++n))) { lua_pop(L, n); /* pop metatable and tested metamethods */ } else @@ -204,8 +206,9 @@ static int tpack (lua_State *L) { static int tunpack (lua_State *L) { lua_Unsigned n; + lua_Integer len = aux_getn(L, 1, TAB_R); lua_Integer i = luaL_optinteger(L, 2, 1); - lua_Integer e = luaL_opt(L, luaL_checkinteger, 3, luaL_len(L, 1)); + lua_Integer e = luaL_opt(L, luaL_checkinteger, 3, len); if (i > e) return 0; /* empty range */ n = l_castS2U(e) - l_castS2U(i); /* number of elements minus 1 */ if (l_unlikely(n >= (unsigned int)INT_MAX || diff --git a/testes/sort.lua b/testes/sort.lua index b012766057..92aaca3cef 100644 --- a/testes/sort.lua +++ b/testes/sort.lua @@ -72,6 +72,19 @@ assert(a==1 and x==nil) a,x = unpack({1,2}, 1, 1) assert(a==1 and x==nil) + +do -- unpack with non-tables + local debug = require"debug" + local oldmt = debug.getmetatable(0) + local str = "hello" + debug.setmetatable(0, + { __len = function () return #str end, + __index = function (_, i) return string.sub(str, i, i) end}) + assert(table.concat({table.unpack(0)}) == str) + debug.setmetatable(0, oldmt) -- restore original metatable for numbers +end + + do local maxi = (1 << 31) - 1 -- maximum value for an int (usually) local mini = -(1 << 31) -- minimum value for an int (usually) From 51269bd783c9371252947b26cc865239dbb0153d Mon Sep 17 00:00:00 2001 From: Roberto I Date: Sun, 15 Mar 2026 15:14:14 -0300 Subject: [PATCH 23/23] Adjustment in useless parameter L in macros luai_num* --- llimits.h | 12 ++++++------ lvm.c | 6 +++--- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/llimits.h b/llimits.h index fc5cb276f6..3f0372552a 100644 --- a/llimits.h +++ b/llimits.h @@ -234,12 +234,12 @@ typedef unsigned long l_uint32; /* floor division (defined as 'floor(a/b)') */ #if !defined(luai_numidiv) -#define luai_numidiv(L,a,b) ((void)L, l_floor(luai_numdiv(L,a,b))) +#define luai_numidiv(L,a,b) l_floor(luai_numdiv(L,a,b)) #endif /* float division */ #if !defined(luai_numdiv) -#define luai_numdiv(L,a,b) ((a)/(b)) +#define luai_numdiv(L,a,b) ((void)L, (a)/(b)) #endif /* @@ -267,10 +267,10 @@ typedef unsigned long l_uint32; /* the others are quite standard operations */ #if !defined(luai_numadd) -#define luai_numadd(L,a,b) ((a)+(b)) -#define luai_numsub(L,a,b) ((a)-(b)) -#define luai_nummul(L,a,b) ((a)*(b)) -#define luai_numunm(L,a) (-(a)) +#define luai_numadd(L,a,b) ((void)L, (a)+(b)) +#define luai_numsub(L,a,b) ((void)L, (a)-(b)) +#define luai_nummul(L,a,b) ((void)L, (a)*(b)) +#define luai_numunm(L,a) ((void)L, -(a)) #define luai_numeq(a,b) ((a)==(b)) #define luai_numlt(a,b) ((a)<(b)) #define luai_numle(a,b) ((a)<=(b)) diff --git a/lvm.c b/lvm.c index c70e2b8a8a..96ae16390f 100644 --- a/lvm.c +++ b/lvm.c @@ -268,9 +268,9 @@ static int forprep (lua_State *L, StkId ra) { /* ** Execute a step of a float numerical for loop, returning ** true iff the loop must continue. (The integer case is -** written online with opcode OP_FORLOOP, for performance.) +** written inline with opcode OP_FORLOOP, for performance.) */ -static int floatforloop (StkId ra) { +static int floatforloop (lua_State *L, StkId ra) { lua_Number step = fltvalue(s2v(ra + 1)); lua_Number limit = fltvalue(s2v(ra)); lua_Number idx = fltvalue(s2v(ra + 2)); /* control variable */ @@ -1841,7 +1841,7 @@ void luaV_execute (lua_State *L, CallInfo *ci) { pc -= GETARG_Bx(i); /* jump back */ } } - else if (floatforloop(ra)) /* float loop */ + else if (floatforloop(L, ra)) /* float loop */ pc -= GETARG_Bx(i); /* jump back */ updatetrap(ci); /* allows a signal to break the loop */ vmbreak;