BUG: Possible overflow in 'string.packsize'

'string.packsize' can overflow result in 32-bit machines using 64-bit integers, as LUA_MAXINTEGER may not fit into size_t.
2026-06-07 23:53:48 +00:00 · 2026-01-04 16:31:17 -03:00
parent 962f444a75
commit 45c7ae5b1b
1 changed files with 1 additions and 1 deletions
--- a/lstrlib.c
+++ b/lstrlib.c
@@ -1726,7 +1726,7 @@ static int str_packsize (lua_State *L) {
    luaL_argcheck(L, opt != Kstring && opt != Kzstr, 1,
                     "variable-length format");
    size += ntoalign;  /* total space used by option */
-    luaL_argcheck(L, totalsize <= LUA_MAXINTEGER - size,
+    luaL_argcheck(L, totalsize <= MAX_SIZE - size,
                     1, "format result too large");
    totalsize += size;
  }