Re: Specially crafted binary chunks can cause Lua to crash

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

• Subject: Re: Specially crafted binary chunks can cause Lua to crash
• From: Luiz Henrique de Figueiredo <lhf@...>
• Date: 2008年3月27日 08:51:23 -0300

---

> luaU_undump recursively parses its input but does not respect
> LUAI_MAXCCALLS, so a maliciously crafted input can blow the C stack.
Here is a fix:
static Proto* LoadFunction(LoadState* S, TString* p)
{
 Proto* f;
 if (++S->L->nCcalls > LUAI_MAXCCALLS) error(S,"code too deep");
 f=luaF_newproto(S->L);
 ...
 S->L->nCcalls--;
 return f;
}

---

• References:
  • Specially crafted binary chunks can cause Lua to crash, Peter Cawley
  • Re: Specially crafted binary chunks can cause Lua to crash, Daniel Stephens
  • Re: Specially crafted binary chunks can cause Lua to crash, Peter Cawley
  • Re: Specially crafted binary chunks can cause Lua to crash, Daniel Stephens
  • Re: Specially crafted binary chunks can cause Lua to crash, Peter Cawley
  • Re: Specially crafted binary chunks can cause Lua to crash, Luiz Henrique de Figueiredo
  • Re: Specially crafted binary chunks can cause Lua to crash, Peter Cawley
  • Re: Specially crafted binary chunks can cause Lua to crash, Greg Falcon

• Prev by Date: Re: Specially crafted binary chunks can cause Lua to crash
• Next by Date: Re: detecting undefined variables--a new mixed approach
• Previous by thread: Re: Specially crafted binary chunks can cause Lua to crash
• Next by thread: Re: Specially crafted binary chunks can cause Lua to crash
• Index(es):
  • Date
  • Thread