Re: heap-buffer-overflow found in luaG

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: heap-buffer-overflow found in luaG_errormsg
From: Roberto Ierusalimschy <roberto@...>
Date: Tue, 24 May 2022 12:59:27 -0300

> As I understand it, luaG_runerror() as a part of error handling needs
> to control its stack space usage artificially, but luaO_pushvfstring()
> and luaG_addinfo()->luaO_pushfstring() produces two imperceptible
> stack growths, thus causing the problem. Is this understood correctly?

Well, I wouldn't call that stack growth "imperceptible", since it is
in the specification of luaO_pushfstring that it leaves its result
on the stack. (It's not by change that it has a "push" in its name :-)
In my mind, the real problem was the chain of two luaO_pushfstring;
after the second one, we forget that the result of the fist one is
still in the stack.


> By the way, will this patch be applied to the next release of Lua?

Sure.

-- Roberto

References:
- Re: heap-buffer-overflow found in luaG_errormsg, Jinwei Dong

Prev by Date: Re: heap-buffer-overflow found in luaG_errormsg
Next by Date: Re: heap-buffer-overflow found in luaG_errormsg
Previous by thread: Re: heap-buffer-overflow found in luaG_errormsg
Next by thread: Re: heap-buffer-overflow found in luaG_errormsg
Index(es):
- Date
- Thread