Re: Found heap-buffer-overflow with grammar-based fuzzer

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: Found heap-buffer-overflow with grammar-based fuzzer
From: Javier Guerra Giraldez <javier@...>
Date: Wed, 15 Mar 2023 18:55:17 +0000

On Wed, 15 Mar 2023 at 16:01, Betka, Maik
<maik.betka@iste.uni-stuttgart.de> wrote:
> return utf8.dump (load (string.dump (function (...) return (((1.8e-2)//(function (table) if ((0.0e-1)//(function (table) if ((0.0e-0)+coroutine) then

this part is suspicious:

.... load (string.dump(function .....

there's no guarantee against loading arbitrary bytecode; which is
exactly what this snipped does.

-- 
Javier

Follow-Ups:
- Re: Found heap-buffer-overflow with grammar-based fuzzer, Roberto Ierusalimschy

References:
- Found heap-buffer-overflow with grammar-based fuzzer, Betka, Maik

Prev by Date: Re: Entropy in the implementation of Lua
Next by Date: Re: Found heap-buffer-overflow with grammar-based fuzzer
Previous by thread: Found heap-buffer-overflow with grammar-based fuzzer
Next by thread: Re: Found heap-buffer-overflow with grammar-based fuzzer
Index(es):
- Date
- Thread