lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]


It's a heap overflow bug. I  mistakably type in first sentence.

Xian Zeng <3123132899zeng@gmail.com> 于2023年5月23日周二 15:27写道:
I found a stack overflow in luaV_execute function.
Lua version:
Lua 5.4.6

How to reproduce:
curl -R -O http://www.lua.org/ftp/lua-5.4.6.tar.gz
tar zxf lua-5.4.6.tar.gz
cd lua-5.4.6
make all test
luafuzz@FuzzVM:~/Desktop/lua-5.4.6/src$ gdb ./lua -q
Reading symbols from ./lua...
(No debugging symbols found in ./lua)
(gdb) r /home/luafuzz/Desktop/11_005410496.lua
Starting program: /home/luafuzz/Desktop/lua-5.4.6/src/lua /home/luafuzz/Desktop/11_005410496.lua
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
0x000055555556d234 in luaH_realasize ()
(gdb) list
1 ../sysdeps/x86/abi-note.c: No such file or directory.
(gdb) bt
#0  0x000055555556d234 in luaH_realasize ()
#1  0x0000555555571380 in luaV_execute ()
#2  0x0000555555562b8d in luaD_callnoyield ()
#3  0x0000555555561ac3 in luaD_rawrunprotected ()
#4  0x0000555555562f64 in luaD_pcall ()
#5  0x000055555555f510 in lua_pcallk ()
#6  0x000055555555c1dc in docall ()
#7  0x000055555555cc77 in pmain ()
#8  0x00005555555627a5 in luaD_precall ()
#9  0x0000555555562b74 in luaD_callnoyield ()
#10 0x0000555555561ac3 in luaD_rawrunprotected ()
#11 0x0000555555562f64 in luaD_pcall ()
#12 0x000055555555f510 in lua_pcallk ()
#13 0x000055555555bc7b in main ()
(gdb) Quit

Found by: Simon Zeng