Lua.VM.Limits (Lua v1.0.0-rc.1)
View SourcePractical resource ceilings for stdlib operations whose output size is a function of a numeric argument.
These guard against denial-of-service via a single oversized allocation
(e.g. string.rep("x", 1e15), table.unpack(t, 1, 1e12)). Each call
site computes the result size before allocating and asks here whether
it is permitted, turning what would otherwise be an out-of-memory crash
of the host into a catchable Lua error.
PUC-Lua raises the same messages — "resulting string too large" on
size_t overflow in str_rep, and "too many results to unpack" on the
INT_MAX guard in unpack. The thresholds here sit far above any
legitimate embedded use; they are the same guards at a practical bound
rather than at the machine word size.
This is the deterministic, OTP-independent layer: it never relies on the garbage collector or heap accounting to notice a bomb, because the bomb is refused before a byte is allocated.
Summary
Functions
Asserts that a range-based table operation (concat, move) would not
touch more than the element ceiling. Raises a catchable bad-argument
error attributed to function_name otherwise.
Asserts that an as-yet-unallocated string of bytes bytes is within the
ceiling. Raises a catchable "resulting string too large" runtime error
otherwise.
The element-count ceiling for range-based table operations.
The string-size ceiling, in bytes.
Functions
Asserts that a range-based table operation (concat, move) would not
touch more than the element ceiling. Raises a catchable bad-argument
error attributed to function_name otherwise.
@spec check_string_size!(integer()) :: :ok
Asserts that an as-yet-unallocated string of bytes bytes is within the
ceiling. Raises a catchable "resulting string too large" runtime error
otherwise.
@spec max_element_count() :: pos_integer()
The element-count ceiling for range-based table operations.
@spec max_string_bytes() :: pos_integer()
The string-size ceiling, in bytes.