Re: dostring and precompiled code

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: dostring and precompiled code
From: Edgar Toernig <froese@...>
Date: Tue, 06 Feb 2001 02:45:54 +0100

Luiz Henrique de Figueiredo wrote:
> If dostring accepted
> precompiled code, it might be possible to crash the host by feeding dostring
> with malicious code, created on the fly in Lua, although I almost sure
> that badly built precompiled code is flagged; the only problems would be
> runtime errors, which have been discussed here in previous messages, and are
> hard to handle.

I'm not sure if I understand you right, but malicious code is definitely able
to generate a segfault.  In fact, the virtual machine just assumes "correct"
code.  It will happy execute a pushnil(999999).

> |  if (*s == '\27')  /* binary files start with ESC... */
> |    lua_error(L, "`dostring' cannot run pre-compiled code");

And if you keep it in, better make that '\33' ;-)

Ciao, ET.

References:
- Re: dostring and precompiled code, Luiz Henrique de Figueiredo

Prev by Date: Re: co-routines [was Re: Unicode]
Next by Date: Re: dostring and precompiled code
Previous by thread: Re: dostring and precompiled code
Next by thread: Re: dostring and precompiled code
Index(es):
- Date
- Thread