lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

> > > I am researcher in software testing from the University of Stuttgart, Germany. We are testing grammar-based fuzzers and have chosen Lua as one of our fuzz targets for our experiments. We found 2 issues in Lua, but one of those seems to be already fixed in recent versions. Thus, here is the remaining issue we found, which still results in a crash in the current Lua version.
> > 
> > Thanks for the report.
> > 
> > I've been unable to reproduce this bug. Did you use any special value
> > for the variable ASAN_OPTIONS? What compiler/version are you using?
> Could you do the following change to lundump.c and run the example again?
> @@ -248,6 +248,7 @@ static void loadDebug (LoadState *S, Proto *f) {
>      f->locvars[i].endpc = loadInt(S);
>    }
>    n = loadInt(S);
> +printf("%d %d\n", n, f->sizeupvalues);
>    for (i = 0; i < n; i++)
>      f->upvalues[i].name = loadStringN(S, f);
>  }
> (The two printed numbers should be equal...)

Was anyone able to reproduce that buffer overflow? If so, would it be
possible to try this previous experience?

Many thanks,

-- Roberto