- Subject: Re: Crash Analysis: Finalizer Logic in singlestep function can lead to Sandbox Escape Exploit
- From: Roberto Ierusalimschy <roberto@...>
- Date: Tue, 30 Nov 2021 15:37:08 -0300
> 1. singlestep function in incstep function
> My patch calls singlestep in the incstep function with a non-finalizer flag,
I did not test it, but I was thinking something like this:
void luaC_runtilstate (lua_State *L, int statesmask, int nofin) {
  global_State *g = G(L);
  while (!testbit(statesmask, g->gcstate)) {
    if (nofin && g->gcstate == GCScallfin) {
      g->gcstate = GCSpause;  /* skip finalization state */
      if (testbit(statesmask, g->gcstate))
        break;
    }
    singlestep(L);
  }
}
When 'nofin' is true, the loop simply skips the GCScallfin state.
-- Roberto
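As an added stand-alone illustration (not Lua's code and not part of this thread): the 'nofin' loop above transcribed onto a tiny model of the GC state machine. The state constants (assumed to follow the order in Lua 5.4's lgc.h), the bit macros and the fake singlestep() that only advances the state and counts entries into GCScallfin are assumptions made for this example.

```c
/* Added example, not Lua's code: a model of the proposed luaC_runtilstate
   loop showing that with nofin set the finalizer state is never executed. */
#include <stddef.h>

/* GC states in the order Lua 5.4's lgc.h lists them (assumed here) */
enum { GCSpropagate, GCSenteratomic, GCSatomic, GCSswpallgc, GCSswpfinobj,
       GCSswptobefnz, GCSswpend, GCScallfin, GCSpause };

#define bitmask(b)    (1 << (b))
#define testbit(x, b) ((x) & bitmask(b))

/* Minimal stand-in for global_State */
typedef struct { int gcstate; int finalizers_run; int steps; } model_State;

/* Stand-in for singlestep(): advances one state per call. Executing the
   GCScallfin state is where user finalizers would run, so count it. */
static void model_singlestep(model_State *g) {
  if (g->gcstate == GCScallfin) g->finalizers_run++;
  g->gcstate = (g->gcstate == GCSpause) ? GCSpropagate : g->gcstate + 1;
  g->steps++;
}

/* The loop proposed in the message, applied to the model state */
void model_runtilstate(model_State *g, int statesmask, int nofin) {
  while (!testbit(statesmask, g->gcstate)) {
    if (nofin && g->gcstate == GCScallfin) {
      g->gcstate = GCSpause;  /* skip finalization state */
      if (testbit(statesmask, g->gcstate))
        break;                /* GCSpause itself was the target state */
    }
    model_singlestep(g);
  }
}

/* Drive one full cycle back to GCSpause and report how many times the
   finalizer state was executed: 1 without nofin, 0 with it. */
int finalizer_calls_in_cycle(int nofin) {
  model_State g = { GCSpause, 0, 0 };
  model_singlestep(&g);  /* leave GCSpause so a cycle actually runs */
  model_runtilstate(&g, bitmask(GCSpause), nofin);
  return g.finalizers_run;
}
```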