[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Re: The security of function load
- From: 云风 Cloud Wu <cloudwu@...>
- Date: Thu, 24 Sep 2020 10:42:12 +0800
Yongheng Chen <changochen1@gmail.com> 于2020年9月24日周四 上午5:15写道:
>
> So if the load function causes memory corruption, it is not considered as bugs?
>
http://www.lua.org/manual/5.4/manual.html#pdf-load
Lua does not check the consistency of binary chunks. Maliciously
crafted binary chunks can crash the interpreter.
http://lua-users.org/lists/lua-l/2020-08/msg00223.html (said by lhf)
Loading malformed bytecode should not crash Lua.
Running maliciously crafted bytecode can crash the interpreter.