Bug: wrong initialization in result from 'gmatch'

Function returned by 'string.gmatch' can be left in an inconsistent state after an error.
2026-06-07 23:53:48 +00:00 · 2026-04-01 15:01:58 -03:00
parent f1bb2773bb
commit efddc2309c
2 changed files with 18 additions and 2 deletions
--- a/lstrlib.c
+++ b/lstrlib.c
@@ -757,19 +757,25 @@ static int nospecials (const char *p, size_t l) {
 }


+/*
+** Prepare state for matches. These fields are not affected by each match.
+*/
 static void prepstate (MatchState *ms, lua_State *L,
                       const char *s, size_t ls, const char *p, size_t lp) {
  ms->L = L;
-  ms->matchdepth = MAXCCALLS;
  ms->src_init = s;
  ms->src_end = s + ls;
  ms->p_end = p + lp;
 }


+/*
+** (Re)prepare state for a match, setting fields that change during
+** each match.
+*/
 static void reprepstate (MatchState *ms) {
+  ms->matchdepth = MAXCCALLS;
  ms->level = 0;
-  lua_assert(ms->matchdepth == MAXCCALLS);
 }


--- a/testes/pm.lua
+++ b/testes/pm.lua
@@ -347,6 +347,16 @@ do   -- init parameter in gmatch
 end


+do  -- bug since 5.3
+  local N = 20000
+  local iter = string.gmatch(string.rep("a", N), string.rep("a?", N))
+  pcall(iter)   -- error for pattern too complex
+  -- calling function again found recursion count ('matchdepth') equal
+  -- to -1, so it did not detect next C-stack overflow
+  pcall(iter)
+end
+
+
 -- tests for `%f' (`frontiers')

 assert(string.gsub("aaa aa a aaa a", "%f[%w]a", "x") == "xaa xa x xaa x")