Re: Specially crafted binary chunks can cause Lua to crash

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: Specially crafted binary chunks can cause Lua to crash
From: "Peter Cawley" <lua@...>
Date: Mon, 24 Mar 2008 19:43:47 +0000

On 24/03/2008, Daniel Stephens <daniel@danielstephens.com> wrote:
>  if you trust your environment/users enough to leave binary loadstring
>  available, then you also implictly trust them not to feed you invalid
>  bytecode.
As loadstring and load are part of the standard core library, almost
every usage of Lua will leave them available to the user.

On 24/03/2008, Daniel Stephens <daniel@danielstephens.com> wrote:
>  You could of course add your own verifier that scans the
>  bytecode to ensure that it's well-formed, but that kind of overhead
>  feels like it may be a deliberate omission, rather than a bug.
The function luaG_checkcode (ldebug.c) is called when binary chunks
are loaded, and does just that - it checks that bytecode is
well-formed that spits out "bad code in precompiled chunk" errors for
bytecode that does things it shouldn't. However, this is one case
where said function isn't quite sufficient. Many other things that I
tried were caught by this function, but this was not.

Follow-Ups:
- Re: Specially crafted binary chunks can cause Lua to crash, Daniel Stephens

References:
- Specially crafted binary chunks can cause Lua to crash, Peter Cawley
- Re: Specially crafted binary chunks can cause Lua to crash, Daniel Stephens

Prev by Date: Re: Specially crafted binary chunks can cause Lua to crash
Next by Date: Re: Specially crafted binary chunks can cause Lua to crash
Previous by thread: Re: Specially crafted binary chunks can cause Lua to crash
Next by thread: Re: Specially crafted binary chunks can cause Lua to crash
Index(es):
- Date
- Thread