

I did not report this issue, but I was able to reproduce the problem.

On Tue, Jul 7, 2020 at 9:31 AM Roberto Ierusalimschy
<roberto@inf.puc-rio.br> wrote:
>
> - What is a "heap overflow"?

The 'heap overflow' in this context means that the sanitizer library
detected that the program wrote past the end of the object.

>
> - How do you generate these tests?

Build a version of lua with the flag '-fsanitize=address', which
instruments the code to check for some kinds of stack and heap
corruption. It works by putting 'canary' values around each heap or
stack object and detecting when they're modified. It also tries to
detect use of an object after 'free' is called.
Stack and heap use (and code size) explode when you use this option.

I suggest passing the '-g' flag to gcc as well so you get line numbers
in the stack trace.  I can reproduce this issue by compiling Lua for a
32-bit machine (I just added the 32-bit libraries to a 64-bit Debian
10 install, and passed -m32 to compile and link commands. gcc version
8.0.3). The issue supposedly occurs at ldo.c line 443.

My changes to the Makefile:

diff --git a/src/Makefile b/src/Makefile
index 514593d..da8e9e9 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -20,8 +20,8 @@ SYSCFLAGS=
 SYSLDFLAGS=
 SYSLIBS=

-MYCFLAGS=
-MYLDFLAGS=
+MYCFLAGS=-fsanitize=address -m32 -g
+MYLDFLAGS=-fsanitize=address -m32 -g
 MYLIBS=
 MYOBJS=

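Review bot: the two lines stay consistent, which matters here because both -fsanitize=address and -m32 have to reach the link step as well as the compile step; -g on MYLDFLAGS is harmless but does nothing. Consider adding -fno-omit-frame-pointer to MYCFLAGS, which the sanitizer documentation recommends so the stack trace in the report (the one pointing at ldo.c line 443) is reliable, and keep in mind that src/Makefile's own -O2 stays in CFLAGS ahead of MYCFLAGS, so inlining can make the reported line approximate; -O1 in MYCFLAGS would override it.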

A general remark for people posting bug reports like this: please give
more information, like platform (X86 X86_64, etc.), compiler version,
OS and OS version. Run against the stock Lua release and report any
changes you made to the build process. Make it as easy as possible to
reproduce the bug.


-- 
Gé
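The build-and-reproduce procedure described in the post, written up as an added example (not the post's own commands or anything from the Lua project): it overrides MYCFLAGS/MYLDFLAGS on the make command line instead of editing src/Makefile, adds -fno-omit-frame-pointer and -O1 (my choices, following the sanitizer documentation), and runs a reproducer with ASAN_OPTIONS set so the first report is fatal. It assumes a Lua source tree and a reproducer script given as arguments, gcc with 32-bit multilib installed, and the Makefile's 'linux' target.

```shell
#!/bin/sh
# Added example: build a stock Lua tree with AddressSanitizer and run a
# reproducer under it. Usage: asan-repro.sh <lua-src-dir> <repro.lua> [32|64]
set -eu

# Compose the sanitizer flags. -fno-omit-frame-pointer is what the ASan
# documentation recommends for reliable stack traces; -O1 overrides the
# Makefile's default -O2 so inlining does not blur the reported line.
asan_flags() {
    bits="$1"                               # 32 or 64
    echo "-fsanitize=address -fno-omit-frame-pointer -g -O1 -m${bits}"
}

# Build Lua with the flags passed through MYCFLAGS and MYLDFLAGS, which
# src/Makefile appends to CFLAGS and LDFLAGS (no edit to the file needed).
# The same flags go to the linker so libasan and the 32-bit mode are used
# at link time too.
build_lua() {
    src="$1"; bits="$2"
    flags="$(asan_flags "$bits")"
    make -C "$src/src" clean
    make -C "$src" linux MYCFLAGS="$flags" MYLDFLAGS="$flags"
}

# Run the reproducer. abort_on_error=1 turns the first sanitizer report into
# a fatal error so the exit status is useful when scripting a bisection;
# detect_leaks=0 keeps LeakSanitizer output out of the report.
run_repro() {
    src="$1"; script="$2"
    ASAN_OPTIONS=abort_on_error=1:detect_leaks=0 "$src/src/lua" "$script"
}

# Only drive the build when invoked with arguments, so the functions above
# can also be sourced and used one at a time.
if [ "$#" -ge 2 ]; then
    lua_src="$1"; repro="$2"; bits="${3:-32}"
    build_lua "$lua_src" "$bits"
    run_repro "$lua_src" "$repro"
fi
```

The report names the source line only when -g is present, as the post says; without the multilib packages the -m32 link step fails before any Lua code is involved.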