| Message ID | 20190521124551.3484-1-christian.storm@siemens.com |
|---|---|
| State | Accepted |
| Headers | show |
| Series | Lua: fix segfault in image property handling | expand |
On 21/05/19 14:45, Christian Storm wrote: > table2image() calls lua_dump_table() with the 'key' parameter being > NULL and the 'img' parameter set. Subsequently, dict_insert_value() is > called with key == NULL if the Lua stack key's type is string or number, > segfaulting SWUpdate. > > Signed-off-by: Christian Storm <christian.storm@siemens.com> > Reported-by: Akihiro Suzuki <akihiro27.suzuki@toshiba.co.jp> > --- > corelib/lua_interface.c | 8 ++++---- > 1 file changed, 4 insertions(+), 4 deletions(-) > > diff --git a/corelib/lua_interface.c b/corelib/lua_interface.c > index d4ebe4a..443f149 100644 > --- a/corelib/lua_interface.c > +++ b/corelib/lua_interface.c > @@ -80,11 +80,11 @@ static void lua_dump_table(lua_State *L, char *str, struct img_type *img, const > lua_tostring(L, -1), > lua_tostring(L, -2)); > if (img) { > - TRACE("Inserting property %s[%s] = %s", > - key, > - lua_tostring(L, -1), > + TRACE("Inserting property %s = %s", > + key ? key : lua_tostring(L, -1), > lua_tostring(L, -2)); > - dict_insert_value(&img->properties, key, > + dict_insert_value(&img->properties, > + key ? key : lua_tostring(L, -1), > lua_tostring(L, -2)); > } > break; > Thanks for fixing this ! Acked-by: Stefano Babic <sbabic@denx.de> Best regards, Stefano Babic
diff --git a/corelib/lua_interface.c b/corelib/lua_interface.c index d4ebe4a..443f149 100644 --- a/corelib/lua_interface.c +++ b/corelib/lua_interface.c @@ -80,11 +80,11 @@ static void lua_dump_table(lua_State *L, char *str, struct img_type *img, const lua_tostring(L, -1), lua_tostring(L, -2)); if (img) { - TRACE("Inserting property %s[%s] = %s", - key, - lua_tostring(L, -1), + TRACE("Inserting property %s = %s", + key ? key : lua_tostring(L, -1), lua_tostring(L, -2)); - dict_insert_value(&img->properties, key, + dict_insert_value(&img->properties, + key ? key : lua_tostring(L, -1), lua_tostring(L, -2)); } break;
table2image() calls lua_dump_table() with the 'key' parameter being NULL and the 'img' parameter set. Subsequently, dict_insert_value() is called with key == NULL if the Lua stack key's type is string or number, segfaulting SWUpdate. Signed-off-by: Christian Storm <christian.storm@siemens.com> Reported-by: Akihiro Suzuki <akihiro27.suzuki@toshiba.co.jp> --- corelib/lua_interface.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)