[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Re: luac [GS]ETTABUP "anomoly"
- From: Patrick Donnelly <batrick@...>
- Date: Mon, 2 Apr 2012 01:44:13 -0400
On Mon, Apr 2, 2012 at 1:08 AM, Alex Davies <alex.mania@iinet.net.au> wrote:
> This isn't an anomaly or bug. It's how Lua is able to index more than 256
> constants - look at the bit field, it's only 9 bits with one reserved to
> mean "is constant" (from memory).
I don't know of an apt noun to call this problem. Anomaly seemed best
as it's "unexpected". I knew the cause of the problem. Fixing it
"naively" is fairly trivial by keeping track of LOADK instructions
which load a string constant into a register.
> It's definitely possible a future version of Lua may not solve the problem
> this way - there's nothing to stop the authors changing the VM entirely, to
> a stack-based architecture even. But it's not a bug, and it's definitely not
> something that needs to be fixed.
AFAICT, there's nothing stopping luac from telling us which constant
GETTABUP/SETTABUP is referring to. Because I believe that it could be
easily fixed and that maybe this particular case was overlooked when
reworking luac, I decided to mail the list.
[Of course, I recognize there are cases where luac can't tell us what
is in the register. e.g. global(func())]
> If you're writing a code analysis program though, this metadata may help you
> in other ways.
This code analysis tool is very specific to global accesses and won't
be expanded on. It's purpose is to find bugs related to global
accesses which are common in Nmap's NSE.
--
- Patrick Donnelly
