Re: Stack overflow in lsys_load (lua/loadlib.c:134)

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: Stack overflow in lsys_load (lua/loadlib.c:134)
From: Roberto Ierusalimschy <roberto@...>
Date: Mon, 7 Sep 2020 18:23:36 -0300

> > > Stack overflow in lsys_load (lua/loadlib.c:134)
> > > 
> > > [...]
> 
> Python 3 has the same issue (which reinforces the blame on dlopen):
> 
> $ python3
> Python 3.6.9 (default, Jul 17 2020, 12:50:27) 
> [GCC 8.4.0] on linux
> Type "help", "copyright", "credits" or "license" for more information.
> >>> from ctypes import *
> >>> x = 'a' * 10000000
> >>> cdll.LoadLibrary(x)
> Segmentation fault (core dumped)

Perl also has the same issue:

  $ perl -de1
  Loading DB routines from perl5db.pl version 1.51
  [...]
  DB<1> require DynaLoader;
  DB<2> print(&DynaLoader::dl_load_file("a" x 100000000, 1));
  Segmentation fault (core dumped)

Again, the segfault happens inside open_path, which uses 'alloca' to
get a temporary buffer to manipulate the 'file' parameter.

Note that, in all cases, the given parameter is not intended to be a
pathname, because it does not contain a slash.

-- Roberto

Follow-Ups:
- Re: Stack overflow in lsys_load (lua/loadlib.c:134), Viacheslav Usov

References:
- Stack overflow in lsys_load (lua/loadlib.c:134), secwx weizhenvul
- Re: Stack overflow in lsys_load (lua/loadlib.c:134), Roberto Ierusalimschy
- Re: Stack overflow in lsys_load (lua/loadlib.c:134), Roberto Ierusalimschy

Prev by Date: Re: lua_assert in the wrong place
Next by Date: Re: lua_assert in the wrong place
Previous by thread: Re: Stack overflow in lsys_load (lua/loadlib.c:134)
Next by thread: Re: Stack overflow in lsys_load (lua/loadlib.c:134)
Index(es):
- Date
- Thread