lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

On Wed, Oct 7, 2020 at 2:00 PM Roberto Ierusalimschy
<> wrote:
> So, I don't see any bug here. (Of course, it would be better if we could
> improve the perforance of tables.)

One problem is that this can create an opportunity for DOS attacks if
the numbers are under the control of an attacker.

Strings have a similar problem if the 'step' parameter of luaS_hash is
> 1, you can create enormous amounts of strings that all hash to the
same value. This works for strings of length 41 and up in Lua 5.4.
Inserting a million maliciously crafted strings into the key position
of a table takes close to two hours on my laptop.

The question is whether this kind of "pathological" behavior should be
considered a bug or not.