[Date Prev][Date Next][Thread Prev][Thread Next]
- Subject: Re: Turn off LUA_USE_DLOPEN on iOS
- From: Hisham <h@...>
- Date: Wed, 15 Mar 2017 22:53:09 -0300
On 14 March 2017 at 06:50, Nagaev Boris <email@example.com> wrote:
> On Tue, Mar 14, 2017 at 9:35 AM, 云风 Cloud Wu <firstname.lastname@example.org> wrote:
>> Nagaev Boris <email@example.com>于2017年3月14日周二 下午5:00写道：
>>> If I understand the thread correctly, it applies only to the app store
>>> and only to cases when code "passes arbitrary parameters". It is not
>> In lua, the code "passes arbitrary parameters" to dlopen/dlsym, because we
>> can pass any string from the script. I guess Apple use a static analysis
>> tool to review the apps submitted to the App Store.
> Most scripts pass a fixed set of strings to dlopen/dlsym (modules they
> require). If the static analysis tool doesn't understand this, it is
> not a problem of the app.
Requiring a module from Lua with a fixed string will still translate
to a dlopen() with a variable argument in the Lua interpreter loop. So
yeah, I wouldn't expect a static analyzer to catch that.