The use of the walrus operator in for ... in loops will increase the active variables, but the next call does not account for them and can use the stack slots of these variables. This can result in a Segmentation fault when one of the variables is an upvalue and is used to remove the function from an active stack frame as is the case in the example with c1 being removed due to an overlap with the active x upvalue.
local tmp
local function c1()
tmp()
error('')
end
function f()
if tmp ~= nil then c1() end
return 1, 2
end
local function bug(t)
for a in x:=y:=t do
tmp = function() x=nil end
end
end
bug(f)
The use of the walrus operator in
for ... inloops will increase the active variables, but the next call does not account for them and can use the stack slots of these variables. This can result in aSegmentation faultwhen one of the variables is an upvalue and is used to remove the function from an active stack frame as is the case in the example withc1being removed due to an overlap with the activexupvalue.