- Subject: Re: Found heap-buffer-overflow with grammar-based fuzzer
- From: Roberto Ierusalimschy <roberto@...>
- Date: Wed, 15 Mar 2023 16:34:40 -0300
> > Loading binary files should be resistant to bad data.
>
> I would say that it is not resistant to bad data. Have a look at https://github.com/lua/lua/blob/c4b71b7ba0dee419b5bda1ec297eca8e42c9f1d2/lundump.c#L250-L252
> where n is loaded and can cause a buffer overflow when it is larger than
> the allocated upvalues array.
That seems to be a bug, thanks for the report.
-- Roberto
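
The class of bug discussed in this message, as an added example that is not part of the original post and is not Lua's `lundump.c`: a loader that reads a count from the file has to check it against the array it actually allocated. The chunk layout, `Reader`, `read_byte` and `load_upvalue_names` are hypothetical, and the inputs are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed toy chunk layout (an assumption, not Lua's real format):
   [nup: 1 byte][n: 1 byte][n name ids: 1 byte each] */
typedef struct { const uint8_t *p; size_t left; } Reader;

/* Read one byte; returns -1 on truncated input. */
static int read_byte(Reader *r) {
    if (r->left == 0) return -1;
    r->left--;
    return *r->p++;
}

/* Returns the number of names loaded, or -1 if the chunk is malformed.
   On success *names_out is a malloc'd array of nup entries (caller frees). */
int load_upvalue_names(const uint8_t *buf, size_t len, uint8_t **names_out) {
    Reader r = { buf, len };
    int nup = read_byte(&r);   /* size of the array we allocate */
    int n = read_byte(&r);     /* count of names the file claims */
    *names_out = NULL;
    if (nup < 0 || n < 0) return -1;   /* truncated header */
    /* n comes from untrusted data and is independent of nup. Without this
       check the loop below would write past names[nup - 1]. */
    if (n > nup) return -1;
    uint8_t *names = calloc(nup ? (size_t)nup : 1, 1);
    if (names == NULL) return -1;
    for (int i = 0; i < n; i++) {
        int id = read_byte(&r);
        if (id < 0) { free(names); return -1; }   /* truncated body */
        names[i] = (uint8_t)id;
    }
    *names_out = names;
    return n;
}

int main(void) {
    /* Constructed inputs: a consistent chunk, and one claiming 3 names for 1 slot. */
    const uint8_t ok[] = { 2, 2, 0x41, 0x42 };
    const uint8_t bad[] = { 1, 3, 0x41, 0x42, 0x43 };
    uint8_t *names;
    printf("ok  -> %d\n", load_upvalue_names(ok, sizeof ok, &names));
    free(names);
    printf("bad -> %d\n", load_upvalue_names(bad, sizeof bad, &names));
    free(names);
    return 0;
}
```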