- Subject: Re: heap-buffer-overflow in luaD_pretailcall
- From: Yongheng Chen <changochen1@...>
- Date: Tue, 7 Jul 2020 15:14:25 -0400
Hi,
We generate these test cases through fuzzing. The original test case is bigger, and we use
C-reduce to reduce the test case. We can provide the original one if needed.
Yongheng
> On Jul 7, 2020, at 3:04 PM, Petite Abeille <petite.abeille@gmail.com> wrote:
>
>> On Jul 7, 2020, at 20:34, Roberto Ierusalimschy <roberto@inf.puc-rio.br> wrote:
>>
>> My question was how they generate the Lua code that triggers those
>> issues. I am not sure whether they can be simplified; the code is quite
>> convoluted.
>
> Interestingly, Yongheng & Rui have put sqlite through the same regime, with the same results.
>
> Some kind of code generation fuzzer of sorts.
>
> For example:
>
> https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg117794.html