- Subject: Re: Found heap-buffer-overflow with grammar-based fuzzer
- From: Roberto Ierusalimschy <roberto@...>
- Date: Wed, 15 Mar 2023 16:09:04 -0300
> On Wed, 15 Mar 2023 at 16:01, Betka, Maik
> <maik.betka@iste.uni-stuttgart.de> wrote:
> > return utf8.dump (load (string.dump (function (...) return (((1.8e-2)//(function (table) if ((0.0e-1)//(function (table) if ((0.0e-0)+coroutine) then
>
> this part is suspicious:
>
> .... load (string.dump(function .....
>
> there's no guarantee against loading arbitrary bytecode, which is
> exactly what this snippet does.
That does not seem to be the problem. The error happens when loading
the modified dump, not when running it. Loading binary files should be
resistant to bad data.
-- Roberto
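The distinction drawn above (a failure while load() is decoding a corrupted binary chunk versus a failure while the resulting function runs) is what a bytecode mutation harness has to separate before a crash can be triaged. The script below is an added example written for this page; it is not the fuzzer from the original report and not part of the Lua distribution. It assumes Lua 5.4 (the "b" mode argument to load, the strip argument to string.dump, and the ~ bitwise operator), dumps a small function, flips single bytes of the dump, and classifies each result. The helper names target, mutate and classify are this example's own. Note that the Lua manual itself warns that Lua does not check the consistency of binary chunks and that maliciously crafted chunks can crash the interpreter, so a real run of this harness belongs in a separate process under AddressSanitizer, where a heap-buffer-overflow during load() shows up as a crash report rather than as a Lua error string.

```lua
-- Added example (not from the thread): a minimal mutation harness that
-- separates load-time failures from run-time failures when corrupted
-- string.dump output is fed back into load(). Assumes Lua 5.4.

-- The function being dumped deliberately uses no globals, so an empty
-- environment table is enough to run it and nothing else is reachable.
local function target(a, b, c)
  local t = { a, b, c }
  return (t[1] or 0) + (t[2] or 0) + (t[3] or 0)
end

-- Binary chunk with debug information stripped (second argument true).
local chunk = string.dump(target, true)

-- Flip bits in one byte of the chunk (pos is 1-based, xorval the mask).
local function mutate(bytes, pos, xorval)
  local b = bytes:byte(pos)
  return bytes:sub(1, pos - 1) .. string.char(b ~ xorval) .. bytes:sub(pos + 1)
end

-- Classify one corrupted chunk as "load-error", "run-error" or "ok".
-- mode "b" makes load() refuse text chunks, so a mutation can never be
-- reinterpreted as Lua source; the fourth argument is the empty _ENV.
local function classify(bytes)
  local f, err = load(bytes, "=fuzz", "b", {})
  if not f then return "load-error", err end          -- rejected by the undumper
  local ok, res = pcall(f, 1, 2, 3)
  if not ok then return "run-error", res end          -- accepted, failed when run
  return "ok", res
end

local counts = { ["load-error"] = 0, ["run-error"] = 0, ok = 0 }
for pos = 1, #chunk do
  for _, mask in ipairs({ 0x01, 0x80, 0xff }) do
    local kind, detail = classify(mutate(chunk, pos, mask))
    counts[kind] = counts[kind] + 1
    if kind ~= "ok" then
      print(string.format("byte %d ^ 0x%02x: %s (%s)", pos, mask, kind, tostring(detail)))
    end
  end
end
for kind, n in pairs(counts) do print(kind, n) end
```

Mutations in the chunk header (signature, version, format byte, size and endianness checks) are typically rejected with a "bad binary format" style message and land in the load-error bucket; mutations further in, inside the instruction array or constant table, are where a load that silently accepts inconsistent data can read out of bounds. Run each candidate in its own interpreter process when doing this at scale, because a single successful corruption ends the whole loop.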