lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]


2017-02-09 11:15 GMT+02:00 云风 Cloud Wu <cloudwu@gmail.com>:

> I found there is a function " static const char *utf8_decode (const char *o,
> int *val) " in lutf8lib.c . This function can't known the boundary of string
> o . So it may cause the heap corruption.
>
> For example, I can build a corruption utf8 string, when utf8 function call
> utf8_decode to read it , it may read the memory out of the string. Or it
> can't detect the utf8 string is invalid.

Your subject proclaims that a call to the utf8 libray may cause heap
corruption, but your argument merely shows that a call to utf8_decode
could.

The function is not exported. All the calls to it that can ever happen
are in lutf8lib.c. Moreover, at most four bytes of string o are examined,
there is no possibility of an indefinite loop.

Please show us that corruption string that you can build, and the
call to the utf8 library that then corrupts the heap. I don't believe you.