- Subject: Re: Heap use after free in luaD_call
- From: Roberto Ierusalimschy <roberto@...>
- Date: Mon, 6 Jul 2020 09:53:15 -0300
> We found a heap use after free in Lua. Here are the details:
>
> Version:
>
> Lua 5.4.0, git hash c33b1728aeb7dfeec4013562660e07d32697aa6b
>
> POC:
>
> function errfunc() string.rep('mod', 512) end
>
> function test()
>
> load(function()(function() printload(
>
> xpcall(test, function() print(xpcall(test, errfunc)) end)) end)()
> end)
>
> end(function() print(xpcall(test, errfunc)) end)()
>
>
>
> How to reproduce:
>
> ./lua poc.lua
Thanks for the report.
-- Roberto