Re: heap-buffer-overflow in luaH

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: heap-buffer-overflow in luaH_getshortstr
From: Roberto Ierusalimschy <roberto@...>
Date: Wed, 23 Feb 2022 10:48:03 -0300

>    I found this bug doing some experiments with afl++. It's strange that it
>    was not found by oss-fuzz project.

Its behavior is weird. A simple "local _ENV <const> = 0; X = 0" is
enough to trigger the bug, as it violates an assertion. With assertions
off (the default), however, it is very difficult to create a scenario
that causes a seg. fault. Even your example does not cause a seg. fault
when I use it under valgrind.

-- Roberto

References:
- heap-buffer-overflow in luaH_getshortstr, Кныжов Никита
- Re: heap-buffer-overflow in luaH_getshortstr, Roberto Ierusalimschy
- Re: heap-buffer-overflow in luaH_getshortstr, Кныжов Никита

Prev by Date: Re: rotating ASCII donut
Next by Date: Re: rotating ASCII donut
Previous by thread: Re: heap-buffer-overflow in luaH_getshortstr
Next by thread: Using Lua in mingw on Windows 10
Index(es):
- Date
- Thread