lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

I agree that fixing instability in one's code is best. However, the library is hypothetical. (note, I only have a rudimentary understanding of these issues.) If my 'library' failed to do proper bounds checking and had the potential for buffer overruns (for example) when exposed to a network, would calling said library from Lua protect me?


Sent from my BlackBerry 10 smartphone on the Virgin Mobile network.
  Original Message  
From: Tim Hume
Sent: Sunday, September 18, 2016 3:53 PM
To: Lua mailing list
Reply To: Lua mailing list
Subject: Re: Lua exposure to C vulnerabilities?

> So, like, an with a very large filename could allow arbitrary code 
> execution? O_o
Don't know about, ... but the original poster said it was his own 
C library he was interfacing. So who knows what could happen inside the C 
library when the code is run from a Lua program, or anything else for that 
matter? The solution is to fix the root cause of the problem.