- Subject: Re: How does string.format handle undefined behavior?
- From: Philippe Verdy <verdyp@...>
- Date: Sat, 4 Sep 2021 21:41:18 +0200
string.format() in Lua does not suffer from any buffer overflow in C/C++ nul-terminated strings with most "*printf"-like functions, and does not expose any "%p" and pointer- or memory-related fields.
It just mimics *some* of its behavior but processes each field with its own rule and uses safe (and immutable) Lua strings only, with known length and bound checks of indices everywhere for every operation on strings.
There's no "dragon" left behind.
On Fri, Aug 27, 2021 at 10:31 PM Lorenzo Donati wrote:
UB is just dragons waiting to wreak havoc
on your machine.
How dangerous are string.format() dragons?
Should string.format() be inaccessible to untrusted Lua code?
Or, maybe Lua protects safely from the main threat (buffer overflow),
and all other dragons are small and acceptable?
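
One way to check on your own interpreter how string.format() treats malformed calls, as an added example that is not part of the original thread: each constructed call runs under pcall, so a rejected format shows up as an ordinary Lua error. The `cases` table and the `probe` helper are names made up for this sketch, and the error text differs between Lua versions.

```lua
-- Added example (not from the thread): probe string.format with
-- malformed format strings and arguments, catching errors with pcall.
local unpack = table.unpack or unpack  -- Lua 5.1 has a global unpack

-- Constructed test inputs: { format string, argument list }
local cases = {
  { "%n",      { 1 } },              -- C's write-through-pointer conversion
  { "%s %s",   { "only one" } },     -- more conversions than arguments
  { "%d",      { "not a number" } }, -- argument of the wrong type
  { "%99999d", { 1 } },              -- oversized field width
  { "%",       {} },                 -- format ends inside a conversion
}

-- Runs every case and returns how many were rejected with a Lua error.
local function probe(list)
  local rejected = 0
  for _, case in ipairs(list) do
    local ok, result = pcall(string.format, case[1], unpack(case[2]))
    if ok then
      print(case[1], "accepted:", result)
    else
      rejected = rejected + 1
      print(case[1], "error:", tostring(result))
    end
  end
  return rejected
end

local rejected = probe(cases)
print(("%d of %d malformed calls raised a Lua error"):format(rejected, #cases))
```

When untrusted code is allowed to call string.format(), the same pcall wrapper keeps these errors from unwinding the host's own call stack.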