RE: Heap use after free in lua_checkstack

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: RE: Heap use after free in lua_checkstack
From: Yongheng Chen <changochen1@...>
Date: 2020年7月25日 23:07:31 -0400

This is the original POC before reduced. Maybe this can be reproduced https://gist.github.com/Changochen/7e63b9df1df910c969e7ac7d4020d379

Yongheng

From: Roberto Ierusalimschy
Sent: Saturday, July 25, 2020 2:44 PM
To: Lua mailing list
Subject: Re: Heap use after free in lua_checkstack

> We found a heap use after free in lua_checkstack. Here’s the POC:

> function errfunc() pcall(4) do coroutine.resume(coroutine.create(

> function() do local a function errfunc()

> a = {} loadstring 'fail' end coroutine.wrap(function() print(

> xpcall(test, errfunc)) end)() coro() end end))() end

> end(function() print(xpcall(test, errfunc)) end)()

> Lua version 5.4.0, git hash 34affe7a63fc5d842580a9f23616d057e17dfe27

I could not reproduce this one. (But I will look at it again later.)

-- Roberto

References:
- Heap use after free in lua_checkstack, Yongheng Chen
- Re: Heap use after free in lua_checkstack, Roberto Ierusalimschy

Prev by Date: Re: Segmentation fault in luaG_traceexec
Next by Date: RE: Heap use after free in lua_checkstack
Previous by thread: Re: Heap use after free in lua_checkstack
Next by thread: RE: Heap use after free in lua_checkstack
Index(es):
- Date
- Thread