- Subject: Re: heap buffer overflow in luaH_realasize()
- From: 云风 Cloud Wu <cloudwu@...>
- Date: Tue, 23 May 2023 17:27:27 +0800
Xian Zeng <3123132899zeng@gmail.com> wrote on Tue, 23 May 2023 at 15:27:
>
> I found a stack overflow in luaV_execute function.
> Lua version:
> Lua 5.4.6
>
> How to reproduce:
>
> curl -R -O http://www.lua.org/ftp/lua-5.4.6.tar.gz
> tar zxf lua-5.4.6.tar.gz
> cd lua-5.4.6
> make all test
>
> luafuzz@FuzzVM:~/Desktop/lua-5.4.6/src$ gdb ./lua -q
> Reading symbols from ./lua...
> (No debugging symbols found in ./lua)
> (gdb) r /home/luafuzz/Desktop/11_005410496.lua
I found that 11_005410496.lua uses a debug function, "debug.setlocal()",
and the debug API may crash the program:
Several of its functions violate basic assumptions about Lua code
(e.g., that variables local to a function cannot be accessed from
outside; that userdata metatables cannot be changed by Lua code; that
Lua programs do not crash)
https://www.lua.org/manual/5.4/manual.html#6.10
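As an added example (not code from this thread, the reporter, or the Lua project), here is the usual way an embedder keeps a fuzzed or otherwise untrusted chunk away from the debug library: load it with a whitelisted environment table and in text-only mode. The environment builder `make_sandbox_env`, the runner `run_untrusted`, and the chunk text are constructed for this illustration; the reporter's 11_005410496.lua is not reproduced here, and the chunk below merely references debug.setlocal() the way that report does.

```lua
-- Added example for Lua 5.4: run an untrusted chunk in an environment that
-- does not expose the debug library (or any other library that violates the
-- interpreter's basic assumptions). Assumes load() with the 5.2+ env argument.

local function make_sandbox_env()
  -- Whitelist only functions that keep the VM's invariants. Deliberately
  -- absent: debug, load, loadfile, dofile, require, package, io, os,
  -- collectgarbage, rawget/rawset, getmetatable/setmetatable.
  local env = {
    assert = assert, error = error, ipairs = ipairs, next = next,
    pairs = pairs, pcall = pcall, select = select, tonumber = tonumber,
    tostring = tostring, type = type,
    string = {
      byte = string.byte, char = string.char, find = string.find,
      format = string.format, len = string.len, lower = string.lower,
      rep = string.rep, sub = string.sub, upper = string.upper,
    },
    table = {
      concat = table.concat, insert = table.insert, remove = table.remove,
      sort = table.sort, unpack = table.unpack,
    },
    math = math,  -- math only computes; it has no access to VM internals
  }
  return env
end

-- Load and run chunk_text under the sandbox environment.
-- Mode "t" rejects precompiled chunks: the manual notes that Lua does not
-- check the consistency of binary chunks and malicious ones can crash the VM.
local function run_untrusted(chunk_text, chunk_name)
  local env = make_sandbox_env()
  local fn, err = load(chunk_text, chunk_name, "t", env)
  if not fn then
    return false, "load failed: " .. tostring(err)
  end
  return pcall(fn)
end

-- Constructed chunk (not the reporter's file): it tries to reach
-- debug.setlocal() the way the fuzzed input did.
local untrusted = [[
local function f()
  local x = 1
  debug.setlocal(1, 1, 42)
  return x
end
return f()
]]

local ok, result = run_untrusted(untrusted, "=untrusted")
print(ok, result)
```

With the environment above the chunk never reaches debug.setlocal(): `debug` is a nil global inside the sandbox, so pcall returns false with an "attempt to index a nil value" error instead of handing the VM's local-variable state to untrusted code. Note what this does not cover: string values still carry the string metatable, so methods such as `s:rep(n)` remain reachable, and nothing here bounds CPU time or memory, so a hostile chunk can still loop forever or allocate until the host runs out; those need a debug hook installed from the host side (not exposed to the chunk) or OS-level limits.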