[svacer] lua_pcall result is ignored in src/lua/serializer.c #9396

sergepetrenko · 2023-11-23T12:23:57Z

Svacer link

Relevant code:

Lines 269 to 282 in 1f128c5

    
           if (lua_pcall(L, 2, 1, 0) == 0  && !lua_isnil(L, -1)) { 
        
           	if (!lua_isfunction(L, -1)) { 
        
           		diag_set(LuajitError, 
        
           			 "invalid " LUAL_SERIALIZE " value"); 
        
           		return -1; 
        
           	} 
        
           	/* copy object itself */ 
        
           	lua_pushvalue(L, idx); 
        
           	lua_pcall(L, 1, 1, 0); 
        
           	/* replace obj with the unpacked value */ 
        
           	lua_replace(L, idx); 
        
           	if (luaL_tofield(L, cfg, idx, field) < 0) 
        
           		return -1; 
        
           } /* else ignore lua_gettable exceptions */

The result of lua_pcall on line 277 is ignored. But lua_pcall() pushes the error message on the stack in case there was an error. So if we leave the lua_pcall result unchecked we then serialize the error. Basically, if __serialize metamethod returns an error ,this error will be silently serialized.

This might've been changed accidentally quite a while ago: 5519276. In this commit a lua_call wrapped with try ... catch was replaced with a lua_pcall. So previously the error wasn't serialized, even though it was ignored as well.

It seems we shouldn't ignore the __serialize errors and report them to the user.

The text was updated successfully, but these errors were encountered:

Without checking the return value of lua_pcall()` in `lua_field_inspect_ucdata()`, the error message itself is returned as a serialized result. The result status of `lua_pcall()` is not ignored now. NO_DOC=bugfix Closes tarantool#9396

Without checking the return value of lua_pcall()` in `lua_field_inspect_ucdata()`, the error message itself is returned as a serialized result. The result status of `lua_pcall()` is not ignored now. NO_DOC=bugfix Closes tarantool#9396 (cherry picked from commit 98474f7)

Without checking the return value of `lua_pcall()` in `lua_field_inspect_ucdata()`, the error message itself is returned as a serialized result. The result status of `lua_pcall()` is not ignored now. NO_DOC=bugfix Closes tarantool#9396 (cherry picked from commit 98474f7)

Without checking the return value of `lua_pcall()` in `lua_field_inspect_ucdata()`, the error message itself is returned as a serialized result. The result status of `lua_pcall()` is not ignored now. NO_DOC=bugfix Closes tarantool#9396 (cherry picked from commit 98474f7) Since the behavior of the <app/fiber.lua> test is changed in 2.11 the result file is updated here.

Without checking the return value of `lua_pcall()` in `lua_field_inspect_ucdata()`, the error message itself is returned as a serialized result. The result status of `lua_pcall()` is not ignored now. NO_DOC=bugfix Closes #9396 (cherry picked from commit 98474f7) Since the behavior of the <app/fiber.lua> test is changed in 2.11 the result file is updated here.

sergepetrenko added the bug Something isn't working label Nov 23, 2023

igormunkin assigned Buristan Nov 24, 2023

coveralls mentioned this issue Nov 27, 2023

lua: prevent serialization of error for ucdata #9413

Merged

igormunkin closed this as completed in 98474f7 Nov 30, 2023

Buristan mentioned this issue Dec 7, 2023

[backport release/2.10] lua: prevent serialization of error for ucdata #9455

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[svacer] lua_pcall result is ignored in src/lua/serializer.c #9396

[svacer] lua_pcall result is ignored in src/lua/serializer.c #9396

sergepetrenko commented Nov 23, 2023

[svacer] lua_pcall result is ignored in src/lua/serializer.c #9396

[svacer] lua_pcall result is ignored in src/lua/serializer.c #9396

Comments

sergepetrenko commented Nov 23, 2023