Re: Found heap-buffer-overflow with grammar-based fuzzer

[Xmilia Hermit <xmilia.hermit@...>]

Roberto Ierusalimschy:

> Loading binary files should be resistant to bad data.
>

I would say that it is not resistant to bad data. Have a look at https://github.com/lua/lua/blob/c4b71b7ba0dee419b5bda1ec297eca8e42c9f1d2/lundump.c#L250-L252 were n is loaded and can cause a buffer overflow when it is larger than the allocated upvalues array.

Regards,
Xmilia