Re: Bug: Segfault calling tostring on a result from debug.getlocal

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: Bug: Segfault calling tostring on a result from debug.getlocal
From: Peter Cawley <lua@...>
Date: Fri, 20 Apr 2012 20:52:29 +0100

On Fri, Apr 20, 2012 at 8:40 PM, Roberto Ierusalimschy
<roberto@inf.puc-rio.br> wrote:
> Many thanks for the report. A quick fix would be to filter out that
> values in lua_getlocal; maybe a better (but more extensive) fix would be
> to avoid putting prototypes in the stack in the first place.

For what it's worth, I'd lead toward the extensive fix; due to
load()'s callback, malicious bytecode can grab the prototype whilst
avoiding lua_getlocal's hypothetical filter. Albeit you may have
bigger problems if malicious bytecode is flying around, but it would
mean one less path to exploitation.

Follow-Ups:
- RE: Bug: Segfault calling tostring on a result from debug.getlocal, Dan Tull

References:
- Bug: Segfault calling tostring on a result from debug.getlocal, Dan Tull
- Re: Bug: Segfault calling tostring on a result from debug.getlocal, Roberto Ierusalimschy

Prev by Date: Re: Bug: Segfault calling tostring on a result from debug.getlocal
Next by Date: RE: Bug: Segfault calling tostring on a result from debug.getlocal
Previous by thread: Re: Bug: Segfault calling tostring on a result from debug.getlocal
Next by thread: RE: Bug: Segfault calling tostring on a result from debug.getlocal
Index(es):
- Date
- Thread