Re: Heap overflow in luaH

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: Heap overflow in luaH_get
From: Sergey Zakharchenko <doublef.mobile@...>
Date: Tue, 7 Jul 2020 04:45:16 +0000

Hello Yongheng,

Yongheng Chen <changochen1@gmail.com>:
> We found a heap overflow in lua.

FWIW: Confirmed on 32-bit MIPS with moderately patched 5.4.0 (source
package md5sum dbf155764e5d433fc55ae80ea7060b60).

(gdb) bt
#0  0x7716194f in luaH_getshortstr () from .../usr/lib/liblua.so.5.4.0
#1  0x77161a69 in luaH_get () from .../usr/lib/liblua.so.5.4.0
Backtrace stopped: frame did not save the PC

Best regards,

-- 
DoubleF

References:
- Heap overflow in luaH_get, Yongheng Chen

Prev by Date: heap-buffer-overflow in luaD_pretailcall
Next by Date: Re: heap-buffer-overflow in luaD_pretailcall
Previous by thread: Heap overflow in luaH_get
Next by thread: Re: Heap overflow in luaH_get
Index(es):
- Date
- Thread