lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

On 2014-12-09T09:30-0200, Luiz Henrique de Figueiredo wrote:
> > Using the AFL fuzzer ( ) I found a few
> > segfaults (and a failed assertion, id:000019) in luac when inputting
> > files from stdin. All files are run with lua 5.2.3 and the patch from
> > by executing "luac - < inputfile".
> I can't reproduce any crashes.
> The scripts you sent are strange. id:000007 does not compile.
> Anyway, does it work in unpatched Lua 5.2.3?
> I don't see any reason in luac why using stdin would be different
> from using the file, except that the issue seems related to garbage
> collection and using a filename may change the memory allocation pattern.
> Try stopping the garbage collection in luac.c by adding the line below
> just before "lua_pushcfunction(L,&pmain)":
> 	lua_gc(L, LUA_GCSTOP, 0); 

Indeed, calling "lua_gc(L, LUA_GCSTOP, 0);" makes the crashes disappear,
as does compiling for 32-bit (-m32).

Lua 5.2.2 and 5.2.3 unpatched are affected, 5.2.1 is not.

For the compiler I've tried gcc 4.8.3 and gcc 4.9.2 as well as -O0
instead of -O2, none of which made a difference.