> > > Loading binary files should be resistant to bad data.
> > 
> > I would say that it is not resistant to bad data. Have a look at https://github.com/lua/lua/blob/c4b71b7ba0dee419b5bda1ec297eca8e42c9f1d2/lundump.c#L250-L252
> > where n is loaded and can cause a buffer overflow when it is larger than
> > the allocated upvalues array.
> 
> That seems to be a bug, thanks for the report.

Actually, there is a good chance that it is *the* bug. Although I'm
unable to replicate the buffer overflow, the gsub seems to be
changing the number of upvalues of a closure, so it is reasonable
that a subsequent read of the debug information (which should have
the same number of upvalues) can cause a buffer overflow.

-- Roberto
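
The kind of check discussed in this thread, as an added example that is not part of the original message and is not Lua's own code: a loader that validates a count read from the file against the size of the array it allocated before using that count as a loop bound. The byte layout, the function name `load_upvalue_names`, and the treatment of `n == 0` as stripped debug information are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Constructed toy layout (not Lua's real chunk format):
   byte 0: sizeupvalues, byte 1: n (debug-name count), then n name ids. */
typedef struct { const uint8_t *p; size_t left; } Reader;

/* Read one byte; returns 0 on truncated input. */
static int read_byte(Reader *r, uint8_t *out) {
    if (r->left == 0) return 0;
    *out = *r->p++;
    r->left--;
    return 1;
}

/* Returns 0 on success and stores the array in *names (caller frees);
   returns -1 on malformed input without writing past the allocation. */
int load_upvalue_names(const uint8_t *buf, size_t len,
                       uint8_t **names, uint8_t *count) {
    Reader r = { buf, len };
    uint8_t sizeupvalues, n;
    *names = NULL;
    *count = 0;
    if (!read_byte(&r, &sizeupvalues) || !read_byte(&r, &n)) return -1;
    /* n comes from the file, so it is untrusted: validate it against the
       array size before it drives the write loop below.
       Assumption: n == 0 stands for stripped debug information. */
    if (n != 0 && n != sizeupvalues) return -1;
    uint8_t *arr = calloc(sizeupvalues ? sizeupvalues : 1, 1);
    if (arr == NULL) return -1;
    for (uint8_t i = 0; i < n; i++) {
        /* Every read is also bounded by the remaining input length. */
        if (!read_byte(&r, &arr[i])) { free(arr); return -1; }
    }
    *names = arr;
    *count = sizeupvalues;
    return 0;
}
```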