Bug: check for constructor overflow in [exp] fields

The check for constructor overflow was considering only fields with explicit names, ignoring fields with syntax '[exp]=exp'.
2025-07-24 04:32:35 +00:00 · 2025-05-20 17:50:56 -03:00 · 2025-05-20 17:50:56 -03:00 · c15543b9af
commit c15543b9af
parent be05c44481
2 changed files with 5 additions and 6 deletions
--- a/lopcodes.h
+++ b/lopcodes.h
@ -254,7 +254,7 @@ OP_SETTABLE,/*	A B C	R[A][R[B]] := RK(C)				*/
 OP_SETI,/*	A B C	R[A][B] := RK(C)				*/
 OP_SETFIELD,/*	A B C	R[A][K[B]:shortstring] := RK(C)			*/
-OP_NEWTABLE,/*	A B C k	R[A] := {}					*/
+OP_NEWTABLE,/*	A vB vC k	R[A] := {}				*/
 OP_SELF,/*	A B C	R[A+1] := R[B]; R[A] := R[B][K[C]:shortstring]	*/
@ -378,9 +378,9 @@ OP_EXTRAARG/*	Ax	extra (larger) argument for previous opcode	*/
  real C = EXTRAARG _ C (the bits of EXTRAARG concatenated with the
  bits of C).
-  (*) In OP_NEWTABLE, B is log2 of the hash size (which is always a
+  (*) In OP_NEWTABLE, vB is log2 of the hash size (which is always a
  power of 2) plus 1, or zero for size zero. If not k, the array size
-  is C. Otherwise, the array size is EXTRAARG _ C.
+  is vC. Otherwise, the array size is EXTRAARG _ vC.
  (*) For comparisons, k specifies what condition the test should accept
  (true or false).
--- a/lparser.c
+++ b/lparser.c
@ -904,12 +904,11 @@ static void recfield (LexState *ls, ConsControl *cc) {
  FuncState *fs = ls->fs;
  lu_byte reg = ls->fs->freereg;
  expdesc tab, key, val;
-  if (ls->t.token == TK_NAME) {
+  if (ls->t.token == TK_NAME)
    luaY_checklimit(fs, cc->nh, INT_MAX / 2, "items in a constructor");
    codename(ls, &key);
  }
  else  /* ls->t.token == '[' */
    yindex(ls, &key);
  luaY_checklimit(fs, cc->nh, INT_MAX / 2, "items in a constructor");
  cc->nh++;
  checknext(ls, '=');
  tab = *cc->t;