[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Re: Heap use after free in lua_checkstack
- From: Roberto Ierusalimschy <roberto@...>
- Date: Sat, 25 Jul 2020 15:42:55 -0300
> We found a heap use after free in lua_checkstack. Here’s the POC:
>
> function errfunc() pcall(4) do coroutine.resume(coroutine.create(
>
> function() do local a function errfunc()
>
> a = {} loadstring 'fail' end coroutine.wrap(function() print(
>
> xpcall(test, errfunc)) end)() coro() end end))() end
>
> end(function() print(xpcall(test, errfunc)) end)()
>
>
>
> Lua version 5.4.0, git hash 34affe7a63fc5d842580a9f23616d057e17dfe27
I could not reproduce this one. (But I will look at it again later.)
-- Roberto
