Re: The security of function load

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: The security of function load
From: 云风 Cloud Wu <cloudwu@...>
Date: Thu, 24 Sep 2020 10:42:12 +0800

Yongheng Chen <changochen1@gmail.com> 于2020年9月24日周四 上午5:15写道：
>
> So if the load function causes memory corruption, it is not considered as bugs?
>

http://www.lua.org/manual/5.4/manual.html#pdf-load

Lua does not check the consistency of binary chunks. Maliciously
crafted binary chunks can crash the interpreter.

http://lua-users.org/lists/lua-l/2020-08/msg00223.html (said by lhf)

Loading malformed bytecode should not crash Lua.
Running maliciously crafted bytecode can crash the interpreter.

References:
- The security of function load, Yongheng Chen
- Re: The security of function load, Rena
- RE: The security of function load, Yongheng Chen

Prev by Date: RE: The security of function load
Next by Date: Re: To-be-closed variables and coroutines
Previous by thread: RE: The security of function load
Next by thread: Re: The security of function load
Index(es):
- Date
- Thread