Re: Found heap-buffer-overflow with grammar-based fuzzer

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: Found heap-buffer-overflow with grammar-based fuzzer
From: Roberto Ierusalimschy <roberto@...>
Date: Fri, 17 Mar 2023 09:46:17 -0300

> at first, I couldn't reproduce the bug when I copied it from the email. So I guess there must be a particular byte-sequence present in the file to trigger it. When I used the original file (see attachment), however, it worked.

A crucial part of the example is the operation that changes the binary
dump:

  [...].gsub ([[	]], ""))

In the original file, the literal string contains an escape, which was
replaced by spaces in the message you sent first.

-- Roberto

References:
- Found heap-buffer-overflow with grammar-based fuzzer, Betka, Maik
- Re: Found heap-buffer-overflow with grammar-based fuzzer, Roberto Ierusalimschy
- Re: Found heap-buffer-overflow with grammar-based fuzzer, Roberto Ierusalimschy
- RE: Found heap-buffer-overflow with grammar-based fuzzer, Betka, Maik

Prev by Date: RE: Entropy in the implementation of Lua
Next by Date: Added `continue` keyword to Lua 5.4 [code review requested].
Previous by thread: Re: Found heap-buffer-overflow with grammar-based fuzzer
Next by thread: Added `continue` keyword to Lua 5.4 [code review requested].
Index(es):
- Date
- Thread