lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]


So if the load function causes memory corruption, it is not considered as bugs?

 

Best,

Yongheng Chen

 

From: Rena
Sent: Wednesday, September 23, 2020 5:11 PM
To: Lua mailing list
Subject: Re: The security of function load

 

On Wed, Sep 23, 2020 at 4:24 PM Yongheng Chen <changochen1@gmail.com> wrote:

> 

> The function load accepts a binary chunk as argument. I wonder if is it memory-safe against malformed binary chunks? I couldn’t find related materials about it.

> 

> 

> 

> Best,

> 

> Yongheng Chen

> 

> 

 

It is not. Previous efforts to harden it against such attacks proved

more work than it was worth. You can prevent loading binary chunks

entirely, but in general you must trust the code being loaded.

 

--

Sent from my Game Boy.