- Subject: Re: heap-buffer-overflow found in luaG_errormsg
- From: Roberto Ierusalimschy <roberto@...>
- Date: Mon, 23 May 2022 10:08:38 -0300
> Does anyone have any good ideas on how to fix issues like this? In
> fact I'm curious how the developers would treat these weird little
> bugs.
For this specific bug, the problem was that 'luaG_runerror' was using
more extra slots than it needed. The fix can be like that:
@@ -824,8 +824,11 @@ l_noret luaG_runerror (lua_State *L, const char *fmt, ...) {
va_start(argp, fmt);
msg = luaO_pushvfstring(L, fmt, argp); /* format message */
va_end(argp);
- if (isLua(ci)) /* if Lua function, add source:line information */
+ if (isLua(ci)) { /* if Lua function, add source:line information */
luaG_addinfo(L, msg, ci_func(ci)->p->source, getcurrentline(ci));
+ setobjs2s(L, L->top - 2, L->top - 1); /* remove 'msg' from the stack */
+ L->top--;
+ }
luaG_errormsg(L);
}
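Review bot: The two added lines in the new isLua(ci) block, `setobjs2s(L, L->top - 2, L->top - 1);` and `L->top--;`, rely on luaG_addinfo leaving exactly one new value directly above the original 'msg', and nothing in the hunk states that layout. The comment "remove 'msg' from the stack" could spell it out (original message at L->top - 2, message with source:line at L->top - 1), so the assumption can be checked if luaG_addinfo ever changes. After the overwrite, the local 'msg' also refers to a string that no stack slot holds any more. It is not used again in the visible lines, and a short note saying it must not be used past this point would keep it that way.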
-- Roberto