From 842a83f09caa2ebd4bc03e0076420148ac07c808 Mon Sep 17 00:00:00 2001
From: Roberto Ierusalimschy <roberto@inf.puc-rio.br>
Date: Fri, 24 Nov 2023 16:08:55 -0300
Subject: [PATCH] Panic functions should not raise errors

The standard panic function was using 'lua_tostring', which may raise
a memory-allocation error if error value is a number.
---
 lauxlib.c        | 9 +++++++--
 ltests.c         | 5 +++--
 manual/manual.of | 4 ++++
 3 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/lauxlib.c b/lauxlib.c
index 4ca6c654..1c9082e6 100644
--- a/lauxlib.c
+++ b/lauxlib.c
@@ -1025,9 +1025,14 @@ static void *l_alloc (void *ud, void *ptr, size_t osize, size_t nsize) {
 }
 
 
+/*
+** Standard panic funcion just prints an error message. The test
+** with 'lua_type' avoids possible memory errors in 'lua_tostring'.
+*/
 static int panic (lua_State *L) {
-  const char *msg = lua_tostring(L, -1);
-  if (msg == NULL) msg = "error object is not a string";
+  const char *msg = (lua_type(L, -1) == LUA_TSTRING)
+                  ? lua_tostring(L, -1)
+                  : "error object is not a string";
   lua_writestringerror("PANIC: unprotected error in call to Lua API (%s)\n",
                         msg);
   return 0;  /* return to Lua to abort */
diff --git a/ltests.c b/ltests.c
index 7d184c0d..c2943a4f 100644
--- a/ltests.c
+++ b/ltests.c
@@ -73,8 +73,9 @@ static void badexit (const char *fmt, const char *s1, const char *s2) {
 
 
 static int tpanic (lua_State *L) {
-  const char *msg = lua_tostring(L, -1);
-  if (msg == NULL) msg = "error object is not a string";
+  const char *msg = (lua_type(L, -1) == LUA_TSTRING)
+                  ? lua_tostring(L, -1)
+                  : "error object is not a string";
   return (badexit("PANIC: unprotected error in call to Lua API (%s)\n",
                    msg, NULL),
           0);  /* do not return to Lua */
diff --git a/manual/manual.of b/manual/manual.of
index ad120f5e..cef3e22a 100644
--- a/manual/manual.of
+++ b/manual/manual.of
@@ -4486,6 +4486,10 @@ This string always has a zero (@Char{\0})
 after its last character (as @N{in C}),
 but can contain other zeros in its body.
 
+This function can raise memory errors only
+when converting a number to a string
+(as then it has to create a new string).
+
 }
 
 @APIEntry{lua_Number lua_tonumber (lua_State *L, int index);|