fix(coverity): size_t overflow #30497

CID 497370: Overflowed constant (INTEGER_OVERFLOW)
    Expression `tsize - ret.has_type_key`, where tsize=0 and
    ret.has_type_key=1, underflows the type that
    receives it, an unsigned integer 64 bits wide.

    CID 509910: Overflowed constant (INTEGER_OVERFLOW)
    Expression stack.size++, which is equal to 0, where stack.size is
    known to be equal to 18446744073709551615, overflows the type that
    receives it, an unsigned integer 64 bits wide
This commit is contained in:
Justin M. Keyes 2024-09-25 03:25:49 -07:00 committed by GitHub
parent 8ba9f0468d
commit 069451bb21
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

View File

@ -122,6 +122,7 @@ static LuaTableProps nlua_traverse_table(lua_State *const lstate)
lua_pop(lstate, 1); lua_pop(lstate, 1);
} }
if (ret.has_type_key) { if (ret.has_type_key) {
assert(tsize > 0);
if (ret.type == kObjectTypeFloat if (ret.type == kObjectTypeFloat
&& (!has_val_key || val_type != LUA_TNUMBER)) { && (!has_val_key || val_type != LUA_TNUMBER)) {
ret.type = kObjectTypeNil; ret.type = kObjectTypeNil;
@ -1150,6 +1151,7 @@ Object nlua_pop_Object(lua_State *const lstate, bool ref, Arena *arena, Error *c
if (table_props.maxidx != 0) { if (table_props.maxidx != 0) {
cur.obj->data.array = arena_array(arena, table_props.maxidx); cur.obj->data.array = arena_array(arena, table_props.maxidx);
cur.container = true; cur.container = true;
assert(kv_size(stack) < SIZE_MAX);
kvi_push(stack, cur); kvi_push(stack, cur);
} }
break; break;
@ -1158,6 +1160,7 @@ Object nlua_pop_Object(lua_State *const lstate, bool ref, Arena *arena, Error *c
if (table_props.string_keys_num != 0) { if (table_props.string_keys_num != 0) {
cur.obj->data.dict = arena_dict(arena, table_props.string_keys_num); cur.obj->data.dict = arena_dict(arena, table_props.string_keys_num);
cur.container = true; cur.container = true;
assert(kv_size(stack) < SIZE_MAX);
kvi_push(stack, cur); kvi_push(stack, cur);
lua_pushnil(lstate); lua_pushnil(lstate);
} }