[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Re: Specially crafted binary chunks can cause Lua to crash
- From: "Greg Falcon" <veloso@...>
- Date: Thu, 27 Mar 2008 01:57:18 -0400
Another minor issue: LoadConstants() in the boolean case does not
validate that the byte read represents a boolean. Bytes greater than
1 should probably generate errors (or else coerce to 1). As it
stands, loadstring() can be abused to create a boolean that is neither
true nor false.
> maybe = loadstring(string.dump(function() return ({[true]=true})[true] end):gsub('\1\1','\1\2'))()
> = type(maybe)
boolean
> = maybe==true, maybe==false
false false
Greg F
- References:
- Specially crafted binary chunks can cause Lua to crash, Peter Cawley
- Re: Specially crafted binary chunks can cause Lua to crash, Peter Cawley
- Re: Specially crafted binary chunks can cause Lua to crash, Daniel Stephens
- Re: Specially crafted binary chunks can cause Lua to crash, Peter Cawley
- Re: Specially crafted binary chunks can cause Lua to crash, Luiz Henrique de Figueiredo
- Re: Specially crafted binary chunks can cause Lua to crash, Peter Cawley
- Re: Specially crafted binary chunks can cause Lua to crash, Roberto Ierusalimschy
- Re: Specially crafted binary chunks can cause Lua to crash, Peter Cawley
- Re: Specially crafted binary chunks can cause Lua to crash, Roberto Ierusalimschy
- Re: Specially crafted binary chunks can cause Lua to crash, Peter Cawley
