I think I get your point. The POC was reduced by creduce, and the original POC can actually crash the default-build Lua on Linux (not tested on Windows and Mac).

The original POC that can crash a default-build Lua (just run make on Linux) is:

    function errfunc() end

    function test()
      xpcall(test, coroutine.wrap(function() print(xpcall(test, errfunc)) end))
    end

    coroutine.wrap(function() print(xpcall(test, errfunc)) end)()

With the following POC, Lua crashed with an invalid stack address.

> I am pretty sure you also didn't see any instruction about adding the option -fsanitize=address to compile Lua.

Yeah, I modified the makefile to add this flag.

> I suggested debug.setcstacklimit as a quick fix without the need to recompile Lua.

Could you give some more detailed instructions about it? I couldn't find how to do it in the readme on the official website of Lua.

Best,
Yongheng

From: Roberto Ierusalimschy

> This is tested on Ubuntu 16.04. I built it with -fsanitize=address.
>
> I didn't see any instruction on how to add `debug.setcstacklimit`. It
> seems that it is already set in luaconf.h.

I am pretty sure you also didn't see any instruction about adding the option -fsanitize=address to compile Lua. With this option, the code consumes more stack than usual, and therefore the stack limit must be adapted accordingly. If you prefer, you can do that in luaconf.h, too. I suggested debug.setcstacklimit as a quick fix without the need to recompile Lua.

-- Roberto
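The quick fix Roberto describes, applied to the reported PoC, as an added example that is not code from either participant: lower the interpreter's C-stack limit at runtime with `debug.setcstacklimit` before running the recursion, so an `-fsanitize=address` build (larger C frames, same default limit) hits Lua's own limit check before it walks off the real C stack. It assumes Lua 5.4.0 to 5.4.2, where `debug.setcstacklimit` is functional (from 5.4.3 on it is deprecated and always returns 0); the value 500 is a guess for illustration, not a number from the thread, and the 5.4.0 `luaconf.h` default is `LUAI_MAXCSTACK = 2000`.

```lua
-- Added example, not code from the thread: run the reported PoC under a
-- lowered C-stack limit, the quick fix suggested for an ASan build.
-- Assumptions: Lua 5.4.0 to 5.4.2 (debug.setcstacklimit is a no-op that
-- returns 0 from 5.4.3 on); NEW_LIMIT is a guess, not a value from the
-- thread. The 5.4.0 luaconf.h default is LUAI_MAXCSTACK = 2000.

local NEW_LIMIT = 500

-- The PoC exactly as reported, wrapped in a function so it can be pcall'ed.
local function poc()
  local function errfunc() end
  local function test()
    xpcall(test, coroutine.wrap(function() print(xpcall(test, errfunc)) end))
  end
  coroutine.wrap(function() print(xpcall(test, errfunc)) end)()
end

-- debug.setcstacklimit returns the previous limit on success and 0 on
-- failure (for example in 5.4.3+, where the function is deprecated).
local old = debug.setcstacklimit(NEW_LIMIT)
if old == 0 then
  io.stderr:write("debug.setcstacklimit is not effective in this build; ",
                  "lower LUAI_MAXCSTACK in luaconf.h and recompile instead\n")
  os.exit(1)
end
print(("C stack limit lowered from %d to %d"):format(old, NEW_LIMIT))

-- If the crash is the plain C-stack overflow Roberto describes, the
-- recursion is now stopped by the interpreter and pcall returns false plus
-- an error message instead of the process dying with a segfault or an
-- ASan report. If it still crashes, either NEW_LIMIT is still too high for
-- this build, or the problem is not a C-stack overflow at all.
local ok, err = pcall(poc)
print("pcall returned:", ok, err)

debug.setcstacklimit(old)   -- restore the original limit
```

The same thing without editing the PoC file: `lua -e "debug.setcstacklimit(500)" poc.lua`, since the standalone interpreter runs `-e` chunks before the script. If lowering the limit makes the PoC return an error instead of crashing, the report is about stack sizing under ASan; if it still crashes at a limit that is clearly safe for the build, that points at a real bug rather than at the limit.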