- Subject: Re: Found heap-buffer-overflow with grammar-based fuzzer
- From: Roberto Ierusalimschy <roberto@...>
- Date: Thu, 16 Mar 2023 12:04:21 -0300
> Hello,
>
> at first, I couldn't reproduce the bug when I copied it from the email. So I guess there must be a particular byte-sequence present in the file to trigger it. When I used the original file (see attachment), however, it worked.
>
> gcc version 11.3.1 20220421 (Red Hat 11.3.1-2) (GCC)
>
> See the output of your requested code modification:
>
> $ cat ~/test1.lua | ./lua
> 0 0
> 1 1
> 1 1
> 1 1
> 0 0
> 1 1
> 180480 1
That seems to nail it. I was able to reproduce the bug now (with your
attachment and valgrind), and the overflow is exactly that problem
pointed out by Xmilia.
-- Roberto