lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

[CC'ing back to the list]

>>>>> "woosun" == woosun Kang <> writes:

 woosun> Thanks for your reply.
 woosun> In fact, I have seen reports of crashes using the debug
 woosun> function in CVE-2020-15945. So I must have misunderstood that
 woosun> Lua was getting reports of crashes with debug functions. I’m
 woosun> sorry.

That CVE refers to a case where one of the debug functions did have a
real bug, and would crash in some circumstances even when used in a way
that ought to have been safe.

The difference in the case you reported is that the debug functions you
used all did exactly what they were supposed to do, it's just that you
used them to alter the interpreter state in an unsafe manner.