Re: How does string.format handle undefined behavior?

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: How does string.format handle undefined behavior?
From: Philippe Verdy <verdyp@...>
Date: Sat, 4 Sep 2021 21:41:18 +0200

string.format() in Lua does not suffer of any buffer overflow in C/C++ nul-terminated strings with most "*printf"-like functions, and does not expose any "%p" and pointer- or memory related fields.

It just mimics *some* of its behavior but processes each field with its own rule and uses safe (and immutable) Lua strings only, with known length and bound checks of indices everywhere for every operation on strings.

There's no "dragon" left behind.

Le sam. 4 sept. 2021 à 15:54, Egor Skriptunoff <egor.skriptunoff@gmail.com> a écrit :

On Fri, Aug 27, 2021 at 10:31 PM Lorenzo Donati wrote:
UB is just dragons waiting to wreak havoc
on your machine.

How dangerous are string.format() dragons?
Should string.format() be inaccessible to untrusted Lua code?

Or, maybe Lua protects safely from the main threat (buffer overflow),
and all other dragons are small and acceptable?

Follow-Ups:
- Re: How does string.format handle undefined behavior?, Lorenzo Donati

References:
- Re: How does string.format handle undefined behavior?, Egor Skriptunoff

Prev by Date: Re: How does string.format handle undefined behavior?
Next by Date: Re: How does string.format handle undefined behavior?
Previous by thread: Re: How does string.format handle undefined behavior?
Next by thread: Re: How does string.format handle undefined behavior?
Index(es):
- Date
- Thread