- Subject: Re: Heap use after free in lua_checkstack
- From: bizziboi@...
- Date: Sun, 26 Jul 2020 11:16:10 -0700
Unrelated as such, but can’t wait for more info about the fuzzer.
Sent from my iPhone
> On Jul 25, 2020, at 21:44, Andrew Gierth <andrew@tao11.riddles.org.uk> wrote:
>
>>>>>> "Roberto" == Roberto Ierusalimschy <roberto@inf.puc-rio.br> writes:
>
>>> We found a heap use after free in lua_checkstack. Here’s the POC:
>>> Lua version 5.4.0, git hash 34affe7a63fc5d842580a9f23616d057e17dfe27
>
> Roberto> I could not reproduce this one. (But I will look at it again later.)
>
> I reproduced it using the non-minimized case; it fails in checkstack
> accessing a lua thread that is already freed. So I think this is the
> same problem with graylists as the luaD_call case.
>
> --
> Andrew.