On 2014-12-09T09:30-0200, Luiz Henrique de Figueiredo wrote:
> > Using the AFL fuzzer ( http://lcamtuf.coredump.cx/afl/ ) I found a few
> > segfaults (and a failed assertion, id:000019) in luac when inputting
> > files from stdin. All files are run with lua 5.2.3 and the patch from
> > http://www.lua.org/bugs.html by executing "luac - < inputfile".
> 
> I can't reproduce any crashes.
> The scripts you sent are strange. id:000007 does not compile.
> 
> Anyway, does it work in unpatched Lua 5.2.3?
> 
> I don't see any reason in luac why using stdin would be different
> from using the file, except that the issue seems related to garbage
> collection and using a filename may change the memory allocation pattern.
> 
> Try stopping the garbage collection in luac.c by adding the line below
> just before "lua_pushcfunction(L,&pmain)":
> 
> 	lua_gc(L, LUA_GCSTOP, 0);
> 

Indeed, calling "lua_gc(L, LUA_GCSTOP, 0);" makes the crashes disappear,
as does compiling for 32-bit (-m32).

Lua 5.2.2 and 5.2.3 unpatched are affected; 5.2.1 is not.

For the compiler I've tried gcc 4.8.3 and gcc 4.9.2 as well as -O0
instead of -O2, none of which made a difference.
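The reproduction procedure in this thread (feed each fuzzer-generated file to luac on stdin with "luac - < inputfile" and watch for segfaults and failed assertions) can be run over a whole directory of crash files with a small triage script, which also makes it easy to re-run the same inputs against a second build that has the lua_gc(L, LUA_GCSTOP, 0) change. The script below is an added example, not code from this thread or from the Lua project; the target command (for instance "luac -" from a patched 5.2.3 build) is an assumption passed in by the caller, and the function names triage_file, triage_dir and classify_status are the example's own.

```shell
#!/bin/sh
# Added example (not from the thread): triage a directory of fuzzer outputs by
# feeding each file to a target command on stdin, exactly as "luac - < file"
# does, and classifying the result from the exit status.
#
# Usage:  sh triage.sh <crash-dir> "<target command>"
#   e.g.  sh triage.sh crashes/ "luac -"        (assumed luac build in PATH)

classify_status() {
    # $1: exit status of the target. POSIX shells report death by signal N
    # as 128+N, so 139 is SIGSEGV and 134 is SIGABRT (what a failed assert()
    # produces).
    status=$1
    if [ "$status" -eq 0 ]; then
        echo "ok"
    elif [ "$status" -ge 129 ]; then
        sig=$((status - 128))
        case "$sig" in
            11) echo "crash:SIGSEGV" ;;
            6)  echo "crash:SIGABRT" ;;
            *)  echo "crash:signal$sig" ;;
        esac
    else
        # Non-zero exit without a signal: an ordinary compile error, as for
        # an input that simply does not parse.
        echo "error:exit$status"
    fi
}

triage_file() {
    # $1: target command (evaluated in a subshell), $2: input file for stdin.
    # The "|| status=$?" keeps a crash from aborting the caller under set -e,
    # and the subshell's output is discarded so only the status matters.
    status=0
    ( eval "$1" ) < "$2" > /dev/null 2>&1 || status=$?
    classify_status "$status"
}

triage_dir() {
    # $1: directory of input files, $2: target command.
    # Prints "<classification><TAB><file>" for every regular file.
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        printf '%s\t%s\n' "$(triage_file "$2" "$f")" "$f"
    done
}

# Only run as a tool when invoked with both arguments.
if [ "$#" -ge 2 ]; then
    triage_dir "$1" "$2"
fi
```

Running the same crash directory once against the plain build and once against a build with the GC stopped, then diffing the two listings, shows directly which inputs only misbehave when the collector runs, which is the distinction the thread turns on.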