- Subject: Re: How to pass arguments to argv function effectively in Lua C API
- From: Marc Balmer <marc@...>
- Date: Fri, 25 Mar 2011 08:56:03 +0100
On 25.03.2011 at 05:19, Ricardo Ramos Massaro <ricardo.massaro@gmail.com> wrote:
> On Thu, Mar 24, 2011 at 7:44 PM, Alexander Gladysh <agladysh@gmail.com> wrote:
>> On Fri, Mar 25, 2011 at 01:35, Peter Cawley <lua@corsix.org> wrote:
>>> On Thu, Mar 24, 2011 at 10:28 PM, Daurnimator <quae@daurnimator.com> wrote:
>>>> Is there something wrong with
>>>> int params = lua_gettop(L);
>>>> char **argv = malloc(params);
>>>> int i;
>>>> for (i=1;i<=params;i++) {
>>>> argv[i-1]=luaL_checkstring(L,i);
>>>> }
>>
>>> Yes:
>>> 1. The call to malloc may fail and return NULL, thus causing invalid
>>> memory access on "argv[i-1]".
>>> 2. The calls to luaL_checkstring may throw errors, thus leaking the
>>> memory allocated for "argv".
>>
>> 3. It bypasses allocator that Lua state uses.
>
> 4. It passes the wrong size to malloc(), it should be "params*sizeof(char*)"
That is wrong, too. Don't multiply in malloc; it can lead to (exploitable) security problems.
Rather use calloc(params, sizeof (char *)).
>
> - Ricardo
>
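
The size calculation discussed in the message above, as an added example that is not code from the thread: it shows the wrapped product a multiplied `malloc()` size would receive, next to an allocation that passes count and element size to `calloc()` separately. The names `naive_bytes`, `argv_alloc` and `argv_build` are hypothetical, the string array stands in for the Lua stack values, and the extra NULL terminator slot is an assumption about what the argv consumer expects.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Byte count a multiplied malloc() argument would carry: the product is
 * computed in size_t and silently wraps modulo SIZE_MAX + 1. */
static size_t naive_bytes(size_t params)
{
    return params * sizeof(char *);
}

/* Overflow-safe allocation of `params` pointers plus a NULL terminator.
 * Returns NULL if the count cannot be represented or memory is short. */
static char **argv_alloc(size_t params)
{
    if (params >= SIZE_MAX / sizeof(char *))  /* params + 1 slots must fit */
        return NULL;
    /* calloc() takes count and element size separately and zero-fills,
     * so the final slot is already the NULL terminator. */
    return calloc(params + 1, sizeof(char *));
}

/* Fill an argv from `params` strings (stand-in for the Lua stack values). */
static char **argv_build(const char *const *src, size_t params)
{
    char **argv = argv_alloc(params);
    if (argv == NULL)
        return NULL;                          /* caller must handle failure */
    for (size_t i = 0; i < params; i++)
        argv[i] = (char *)src[i];
    return argv;
}

int main(void)
{
    /* Constructed count: smallest value whose byte product wraps to 0. */
    size_t huge = SIZE_MAX / sizeof(char *) + 1;
    const char *args[] = { "prog", "-v", "file" };  /* constructed sample */

    printf("naive size for %zu pointers: %zu bytes\n", huge, naive_bytes(huge));
    printf("argv_alloc(huge) -> %p\n", (void *)argv_alloc(huge));

    char **argv = argv_build(args, 3);
    if (argv == NULL)
        return 1;
    printf("argv[0]=%s argv[3]=%p\n", argv[0], (void *)argv[3]);
    free(argv);
    return 0;
}
```

With the wrapped size, the allocation would succeed with far fewer bytes than the loop then writes, which is the exploitable condition the reply refers to.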