lua-users home
lua-l archive

Re: dostring and precompiled code

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index] 

Luiz Henrique de Figueiredo wrote:
> If dostring accepted
> precompiled code, it might be possible to crash the host by feeding dostring
> with malicious code, created on the fly in Lua, although I almost sure
> that badly built precompiled code is flagged; the only problems would be
> runtime errors, which have been discussed here in previous messages, and are
> hard to handle.
I'm not sure if I understand you right, but malicious code is definitely able
to generate a segfault. In fact, the virtual machine just assumes "correct"
code. It will happy execute a pushnil(999999).
> | if (*s == '27円') /* binary files start with ESC... */
> | lua_error(L, "`dostring' cannot run pre-compiled code");
And if you keep it in, better make that '33円' ;-)
Ciao, ET.

AltStyle によって変換されたページ (->オリジナル) /