Re: Use after free during luaV

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: Use after free during luaV_execute
From: 云风 <cloudwu@...>
Date: Sat, 4 Feb 2023 14:00:12 +0800

在 2023年2月4日，09:25，Yongheng Chen <changochen1@gmail.com> 写道：

A variant poc can trigger a crash in default build without asan:
---
ma0be=string.dump(
function()
return({[e]=true})[true]end)
ma0be=ma0be:gsub('\1\1','')
m=load(ma0be)((0)and 0)
---

It changes the bytecode, and Lua manual says :

Lua does not check the consistency of the code inside binary chunks; running maliciously crafted bytecode can crash the interpreter.

References:
- Use after free during luaV_execute, Yongheng Chen

Prev by Date: Use after free during luaV_execute
Next by Date: Re: Use after free during luaV_execute
Previous by thread: Use after free during luaV_execute
Next by thread: Re: Use after free during luaV_execute
Index(es):
- Date
- Thread