Re: Specially crafted binary chunks can cause Lua to crash

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: Specially crafted binary chunks can cause Lua to crash
From: Luiz Henrique de Figueiredo <lhf@...>
Date: Thu, 27 Mar 2008 08:51:23 -0300

> luaU_undump recursively parses its input but does not respect
> LUAI_MAXCCALLS, so a maliciously crafted input can blow the C stack.

Here is a fix:

static Proto* LoadFunction(LoadState* S, TString* p)
{
 Proto* f;
 if (++S->L->nCcalls > LUAI_MAXCCALLS) error(S,"code too deep");
 f=luaF_newproto(S->L);
 ...
 S->L->nCcalls--;
 return f;
}

References:
- Specially crafted binary chunks can cause Lua to crash, Peter Cawley
- Re: Specially crafted binary chunks can cause Lua to crash, Daniel Stephens
- Re: Specially crafted binary chunks can cause Lua to crash, Peter Cawley
- Re: Specially crafted binary chunks can cause Lua to crash, Daniel Stephens
- Re: Specially crafted binary chunks can cause Lua to crash, Peter Cawley
- Re: Specially crafted binary chunks can cause Lua to crash, Luiz Henrique de Figueiredo
- Re: Specially crafted binary chunks can cause Lua to crash, Peter Cawley
- Re: Specially crafted binary chunks can cause Lua to crash, Greg Falcon

Prev by Date: Re: Specially crafted binary chunks can cause Lua to crash
Next by Date: Re: detecting undefined variables--a new mixed approach
Previous by thread: Re: Specially crafted binary chunks can cause Lua to crash
Next by thread: Re: Specially crafted binary chunks can cause Lua to crash
Index(es):
- Date
- Thread