[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Re: heap buffer overflow in luaH_realasize()
- From: Roberto Ierusalimschy <roberto@...>
- Date: Tue, 23 May 2023 15:15:59 -0300
> Specifically, what's happening is that the debug.setlocal call is
> overwriting the temporary value holding the table that is being
> constructed to contain its return value. Honestly it seems unreasonable
> for the interpreter to even try and defend against things like this; the
> temporary should not be visible to any code other than the debug
> library, so there is no reason for its value to change unexpectedly.
Right. Note that this is explicitly mentioned in the warning about the
debug library in the manual (already sent to this thread):
Several of its functions violate basic assumptions about Lua
code (e.g., THAT VARIABLES LOCAL TO A FUNCTION CANNOT BE
ACCESSED FROM OUTSIDE; that userdata metatables cannot be
changed by Lua code; that Lua programs do not crash)
(emphasis added)
-- Roberto