- Subject: Re: Various segmentation faults in luac
- From: Dennis Felsing <dennis@...>
- Date: Tue, 9 Dec 2014 14:19:09 +0100
On 2014-12-09T09:30-0200, Luiz Henrique de Figueiredo wrote:
> > Using the AFL fuzzer ( http://lcamtuf.coredump.cx/afl/ ) I found a few
> > segfaults (and a failed assertion, id:000019) in luac when inputting
> > files from stdin. All files are run with lua 5.2.3 and the patch from
> > http://www.lua.org/bugs.html by executing "luac - < inputfile".
> I can't reproduce any crashes.
> The scripts you sent are strange. id:000007 does not compile.
> Anyway, does it work in unpatched Lua 5.2.3?
> I don't see any reason in luac why using stdin would be different
> from using the file, except that the issue seems related to garbage
> collection and using a filename may change the memory allocation pattern.
> Try stopping the garbage collection in luac.c by adding the line below
> just before "lua_pushcfunction(L,&pmain)":
> lua_gc(L, LUA_GCSTOP, 0);
Indeed, calling "lua_gc(L, LUA_GCSTOP, 0);" makes the crashes disappear,
as does compiling for 32-bit (-m32).
Lua 5.2.2 and 5.2.3 unpatched are affected, 5.2.1 is not.
For the compiler I've tried gcc 4.8.3 and gcc 4.9.2 as well as -O0
instead of -O2, none of which made a difference.
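An added example, not part of this thread and not code from Lua or luac: a POSIX shell script for the triage step the report describes, feeding each fuzzer-produced file to "luac -" on stdin and sorting the results by exit status so that segfaults, failed assertions (SIGABRT) and ordinary compile errors end up in separate buckets before anyone looks at the inputs. The "luac -" invocation is the thread's; the AFL-style crash directory layout, the assumption that luac exits 1 on a syntax error and the 128+signal convention for a crashed child are assumptions made here.

```shell
#!/bin/sh
# Added example (not from the lua-l thread or the Lua sources).
# Triage a directory of fuzzer outputs: run each file through a target
# command on stdin, as in "luac - < inputfile", and classify the exit status.
# Assumed: luac exits 1 on a compile error; the shell reports a child killed
# by signal N as 128+N, so SIGABRT (assert) is 134 and SIGSEGV is 139.

# classify_status STATUS -> prints ok | compile-error | assert | segfault | signal:N | error:N
classify_status() {
    case "$1" in
        0)   echo ok ;;
        1)   echo compile-error ;;   # luac's fatal() path, e.g. a syntax error
        134) echo assert ;;          # SIGABRT: failed assertion in luac
        139) echo segfault ;;        # SIGSEGV
        *)   if [ "$1" -gt 128 ]; then
                 echo "signal:$(( $1 - 128 ))"
             else
                 echo "error:$1"
             fi ;;
    esac
}

# run_one CMD FILE -> classification of "CMD < FILE" (output discarded)
run_one() {
    status=0
    eval "$1" < "$2" >/dev/null 2>&1 || status=$?
    classify_status "$status"
}

# triage_dir CMD DIR -> one line per input "<file> <classification>",
# then a summary line "crashes: N" counting everything that is neither
# a clean compile nor an ordinary compile error. Always returns 0.
triage_dir() {
    cmd=$1
    crashes=0
    for f in "$2"/*; do
        [ -f "$f" ] || continue
        r=$(run_one "$cmd" "$f")
        echo "$(basename "$f") $r"
        case "$r" in
            ok|compile-error) ;;
            *) crashes=$((crashes + 1)) ;;
        esac
    done
    echo "crashes: $crashes"
}

# Usage: sh triage.sh CRASH_DIR [COMMAND]   (COMMAND defaults to "luac -")
if [ "$#" -ge 1 ]; then
    triage_dir "${2:-luac -}" "$1"
fi
```

Running it over an AFL `crashes/` directory with the patched and the GC-stopped luac side by side gives a quick view of which inputs stop crashing once `lua_gc(L, LUA_GCSTOP, 0)` is in place, which is the comparison the thread is making; the command string is evaluated, so a build-specific binary or wrapper can be substituted without editing the script.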