Re: Found heap-buffer-overflow with grammar-based fuzzer

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: Found heap-buffer-overflow with grammar-based fuzzer
From: Roberto Ierusalimschy <roberto@...>
Date: Wed, 15 Mar 2023 16:09:04 -0300

> On Wed, 15 Mar 2023 at 16:01, Betka, Maik
> <maik.betka@iste.uni-stuttgart.de> wrote:
> > return utf8.dump (load (string.dump (function (...) return (((1.8e-2)//(function (table) if ((0.0e-1)//(function (table) if ((0.0e-0)+coroutine) then
> 
> this part is suspicious:
> 
> .... load (string.dump(function .....
> 
> there's no guarantee against loading arbitrary bytecode; which is
> exactly what this snipped does.

That does not seem to be the problem. The error happens when loading
the modified dump, not when running it. Loading binary files should be
resistant to bad data.

-- Roberto

Follow-Ups:
- Re: Found heap-buffer-overflow with grammar-based fuzzer, Xmilia Hermit

References:
- Found heap-buffer-overflow with grammar-based fuzzer, Betka, Maik
- Re: Found heap-buffer-overflow with grammar-based fuzzer, Javier Guerra Giraldez

Prev by Date: Re: Found heap-buffer-overflow with grammar-based fuzzer
Next by Date: Re: Found heap-buffer-overflow with grammar-based fuzzer
Previous by thread: Re: Found heap-buffer-overflow with grammar-based fuzzer
Next by thread: Re: Found heap-buffer-overflow with grammar-based fuzzer
Index(es):
- Date
- Thread