- Subject: Re: Found heap-buffer-overflow with grammar-based fuzzer
- From: Roberto Ierusalimschy <roberto@...>
- Date: Fri, 17 Mar 2023 11:39:27 -0300
> I have attached the other bug (test2.lua.txt).
>
> Git commit: be908a7d4d8130264ad67c5789169769f824c5d1
>
> c = xpcall (function (utf8, utf8, a, c, string, self) coroutine.resume(c, {[((0xc)%(0))]=(true)})
>
> end, pairs ((true)))
Many thanks for the report. This one can be simplified to this:
xpcall (function () return 10 % 0 end, next)
This bug was fixed in commit 02bab9fc258f. The problem was that the
arithmetic error in '10 % 0' did not save the interpreter's state, causing
the segfault when the error in the call to 'next' tried to find how
it was called.
-- Roberto