

Hi, 

Thanks for the information! Yeah, the test case is produced by a fuzzer mutating the following example from a bug fix in Lua:
---
maybe = string.dump(function() return ({[true]=true})[true] end)
maybe = maybe:gsub('\1\1','\1\2')
maybe = loadstring(maybe)()
assert(type(maybe) == "boolean" and maybe ~= true and maybe ~= false)
--- 

I think I need to adjust the tester to filter out this possibly "unreal" code. Thank you!

On Sat, Feb 4, 2023 at 10:08 AM David Sicilia <dpsicilia@gmail.com> wrote:
this example reads somehow extremely "tricky programmed".

If you look at the ASan stack trace produced by the OP you can see a reference to a folder named "lua_fuzz", and so that likely means that this code was produced by a fuzz tester, which would be a random Lua code generator intended to find bugs in programs by randomly probing the space of possible input programs until a crash is produced.  Hence it is not "real" code.  Despite that, these tests can sometimes flag real bugs in an interpreter, though in this case, as pointed out by cloudwu@, it appears to be a program that is not guaranteed by Lua to work to begin with, and so that means that the random Lua code generator in the OP's fuzz tester needs to be adjusted.
David

On Sat, Feb 4, 2023 at 1:17 AM bil til <biltil52@gmail.com> wrote:
this example reads somehow extremely "tricky programmed".

Can you give some indication of what sort of application you want
to solve with this programming? Then maybe it is easier to understand
what could be happening here.

(What sense would it make to change the "string.dump" image of a
function? - do you want to do some stack / variable tricks here, which
are not possible otherwise in Lua?)


--
Best Wishes,
Yongheng Chen
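The thread's point is that a mutated string.dump image handed to loadstring is outside what Lua promises to handle, so a fuzzer harness (or any program taking code from an untrusted source) should refuse binary chunks before loading them. The following is an added example, not code from the thread or from Lua itself; it assumes a Lua 5.1 or 5.2+ interpreter and invents the helper name load_text_only.

```lua
-- Added example (not from the thread): reject precompiled chunks before
-- handing untrusted input to the loader, so a mutated string.dump image
-- like the one in the test case above is never executed.

local BYTECODE_SIGNATURE = "\27Lua"  -- every Lua binary chunk starts with ESC "Lua"

-- Returns true if the chunk is precompiled bytecode rather than source text.
local function is_bytecode(chunk)
  return type(chunk) == "string" and chunk:sub(1, 4) == BYTECODE_SIGNATURE
end

-- Load untrusted code as text only. On Lua 5.2+ the mode argument "t" makes
-- the interpreter itself refuse binary chunks; on 5.1 we check the signature
-- ourselves, because loadstring there accepts any bytecode unchecked.
local function load_text_only(chunk, name)
  if is_bytecode(chunk) then
    return nil, "binary chunk rejected: " .. (name or "?")
  end
  if _VERSION == "Lua 5.1" then
    return loadstring(chunk, name)
  end
  return load(chunk, name, "t")
end

-- The mutated image from the test case above: string.dump output with
-- bytes altered, which Lua does not promise to load safely.
local dumped = string.dump(function() return ({[true]=true})[true] end)
local mutated = dumped:gsub("\1\1", "\1\2")

local f, err = load_text_only(mutated, "fuzz-case")
assert(f == nil and err:match("binary chunk rejected"))

-- Ordinary source text still loads and runs normally.
local g = assert(load_text_only("return ({[true]=true})[true]", "text-case"))
assert(g() == true)
print("bytecode rejected, text accepted")
```

A fuzzer that wants to keep exercising the parser rather than the undump path can run the same check on each generated case and drop anything that starts with the bytecode signature.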