[Date Prev][Date Next][Thread Prev][Thread Next]
- Subject: Re: dostring and precompiled code
- From: Edgar Toernig <froese@...>
- Date: Tue, 06 Feb 2001 02:45:54 +0100
Luiz Henrique de Figueiredo wrote:
> If dostring accepted
> precompiled code, it might be possible to crash the host by feeding dostring
> with malicious code, created on the fly in Lua, although I almost sure
> that badly built precompiled code is flagged; the only problems would be
> runtime errors, which have been discussed here in previous messages, and are
> hard to handle.
I'm not sure if I understand you right, but malicious code is definitely able
to generate a segfault. In fact, the virtual machine just assumes "correct"
code. It will happy execute a pushnil(999999).
> | if (*s == '\27') /* binary files start with ESC... */
> | lua_error(L, "`dostring' cannot run pre-compiled code");
And if you keep it in, better make that '\33' ;-)