lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

This code (which is a slight variation of

$ cat afl-out/crashes/id*0001,*                                                                    
a = string.dump(function()return;end)
a = a:gsub(string.char(38,37,122,128), string.char(34,0,0), 1)

crashes Lua 5.3.0.

$ gdb lua5.3                                                                                       
Reading symbols from lua5.3...(no debugging symbols found)...done.
(gdb) run afl-out/crashes/id*0001,*
Starting program: /usr/pkg/bin/lua5.3 afl-out/crashes/id*0001,*

Program received signal SIGSEGV, Segmentation fault.
0x00007f7ff78185bd in luaV_execute () from /usr/pkg/lib/
(gdb) bt
#0  0x00007f7ff78185bd in luaV_execute () from /usr/pkg/lib/
#1  0x00007f7ff780cb9b in luaD_call () from /usr/pkg/lib/
#2  0x00007f7ff780c25c in luaD_rawrunprotected () from /usr/pkg/lib/
#3  0x00007f7ff780cdee in luaD_pcall () from /usr/pkg/lib/
#4  0x00007f7ff78091c7 in lua_pcallk () from /usr/pkg/lib/
#5  0x0000000000401af7 in _start ()

Found (in few seconds) by afl

PS It's easy to crash Lua with a malformed binary chunk. I wonder
if it's supposed to be robust.