lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

On Mon, Dec 12, 2016 at 1:11 AM, Nagaev Boris <> wrote:
> On 11 Dec 2016 4:00 pm, "Pierre-Yves Gérardy" <> wrote:
> On Mon, Dec 12, 2016 at 12:21 AM, Samuel Groß <> wrote:
>> [6]: "We have always considered it unacceptable for a Lua program to be
>> able
>> to crash the host application. Lua should be a safe language.". This seems
>> to be clearly violated here.
> Beside what Daurnimator said in a parallel thread, the sentence you
> quoted applies to Lua source code, not bytecode.
> Lua program can load bytecode using load function.

And the potential crashes are acknowledged at the end of :

"Lua does not check the consistency of binary chunks. Maliciously
crafted binary chunks can crash the interpreter."

Also, you can call `load` in "t" mode, it will reject bytecode (it
would be nice it it was the default behavior).