Roberto Ierusalimschy wrote:
> Well, I wouldn't call that stack growth "imperceptible", since it is
> in the specification of luaO_pushfstring that it leaves its result
> on the stack. (It's not by chance that it has a "push" in its name :-)
> In my mind, the real problem was the chain of two luaO_pushfstring;
> after the second one, we forget that the result of the first one is
> still in the stack.
Haha, got it. I just learned Lua not long ago and I don't understand a lot of functions yet. Thanks for the answer!
Do you normally assign CVE IDs for this type of buffer overflow?