Re: heap-buffer-overflow found in luaG

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: heap-buffer-overflow found in luaG_errormsg
From: Roberto Ierusalimschy <roberto@...>
Date: Fri, 13 May 2022 13:39:55 -0300

> I found a heap buffer overflow which can cause a heap double free error.
> 
> Lua version: Lua 5.4.4  Copyright (C) 1994-2022 Lua.org, PUC-Rio
> Latest commit: 8426d9b4d4df1da3c5b2d759e509ae1c50a86667
> 
> Platform: Ubuntu-20.04 x86_64
> Glibc version: GLIBC 2.31-0ubuntu9.9
> 
> POC:
> ---------------
> #poc.lua
> print(
>     xpcall((0),
>         function(...)
>             local f
>             if d[print(print(print(print(t[...]))))] then
>             end
>         end
>     )
> )

Many thanks for the report.

-- Roberto

Follow-Ups:
- Re: heap-buffer-overflow found in luaG_errormsg, Roberto Ierusalimschy

References:
- heap-buffer-overflow found in luaG_errormsg, Jinwei Dong

Prev by Date: Re: ‘continue’ keyword
Next by Date: Re: heap-buffer-overflow found in luaG_errormsg
Previous by thread: Re: heap-buffer-overflow found in luaG_errormsg
Next by thread: Re: heap-buffer-overflow found in luaG_errormsg
Index(es):
- Date
- Thread