Re: Small variation of #5.1.3-5 crashes Lua 5.3.0

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: Small variation of #5.1.3-5 crashes Lua 5.3.0
From: Roberto Ierusalimschy <roberto@...>
Date: Thu, 26 Feb 2015 21:55:14 -0300

> This code (which is a slight variation of
> http://www.lua.org/bugs.html#5.1.3-5):
> 
> $ cat afl-out/crashes/id*0001,*                                                                    
> a = string.dump(function()return;end)
> a = a:gsub(string.char(38,37,122,128), string.char(34,0,0), 1)
> load(a)()
> 
> crashes Lua 5.3.0.

>From the manual (http://www.lua.org/manual/5.3/manual.html#pdf-load):

    load (chunk [, chunkname [, mode [, env]]])
    [...]
    Lua does not check the consistency of binary chunks. Maliciously
    crafted binary chunks can crash the interpreter.

(That is why you have parameter 'mode'.)

-- Roberto

References:
- Small variation of #5.1.3-5 crashes Lua 5.3.0, Alexander Nasonov

Prev by Date: Re: Small variation of #5.1.3-5 crashes Lua 5.3.0
Next by Date: Lua on Heroku
Previous by thread: Re: Small variation of #5.1.3-5 crashes Lua 5.3.0
Next by thread: Lua on Heroku
Index(es):
- Date
- Thread