From 5432e0a332c61abcfee8c08efab07ebf793f29c7 Mon Sep 17 00:00:00 2001 From: Uli Schlachter Date: Wed, 12 Mar 2014 11:12:23 +0100 Subject: [PATCH] awesome.spawn(): Check table arguments better Previously, any not-string-convertible entry in the array argument would result in lua_tostring() returning NULL which g_strdup() would pass through. Thus, we would end up with a NULL entry in an array whose end is marked with a NULL entry. This mainly means that we had a memory leak. Fix this by actually verifying that we only have strings in the table that we are looking at. Signed-off-by: Uli Schlachter --- spawn.c | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/spawn.c b/spawn.c index c93b346d..287e126d 100644 --- a/spawn.c +++ b/spawn.c @@ -272,6 +272,7 @@ static gchar ** parse_command(lua_State *L, int idx) { gchar **argv = NULL; + idx = luaA_absindex(L, idx); if (lua_isstring(L, idx)) { @@ -282,12 +283,24 @@ parse_command(lua_State *L, int idx) else if (lua_istable(L, idx)) { size_t i, len = luaA_rawlen(L, idx); - argv = g_new0(gchar *, len + 1); + /* First verify that the table is sane: All integer keys must contain + * strings. Do this by pushing them all onto the stack. + */ for (i = 0; i < len; i++) { lua_rawgeti(L, idx, i+1); - argv[i] = g_strdup(lua_tostring(L, -1)); + if (lua_type(L, -1) != LUA_TSTRING) + luaL_error(L, "Non-string argument at table index %d", i+1); + } + + /* From this point on nothing can go wrong and so we can safely allocate + * memory. + */ + argv = g_new0(gchar *, len + 1); + for (i = 0; i < len; i++) + { + argv[len - i - 1] = g_strdup(lua_tostring(L, -1)); lua_pop(L, 1); } }