- Subject: Re: Maybe a bug in lundump.c
- From: Luiz Henrique de Figueiredo <lhf@...>
- Date: Wed, 19 Mar 2014 08:22:57 -0300
> I mean if the input stream is not generated by luac or string.dump,
> LoadString may return NULL.
If the stream is not generated by Lua, then all bets are off.
If you want to crash Lua, lundump.c won't stop you.
The goal in lundump.c is fast loading. It does not check for valid input,
but it does check for accidental loading of older versions and different
architecture, which can (and does) happen in good faith.
The current version does as much checking as we need but it does not
protect against malicious input. If you're worried about that, just
don't load precompiled scripts from unknown sources.
> Doing more checking for the corrupted data stream would be better.
Feel free to use your own lundump.c with more checking if you need.
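
The advice in the message above, not loading precompiled scripts from unknown sources, can be enforced at the load call so that untrusted input never reaches lundump.c. The following is an added example, not part of the original message or of the Lua distribution; `load_untrusted_text` is a hypothetical helper name and the two sample chunks are constructed.

```lua
-- Added example: accept Lua source text only, refuse precompiled chunks.
-- load_untrusted_text is a hypothetical helper, not a Lua library function.

local ESC = "\27"  -- first byte of the binary chunk signature "\27Lua"

-- Compile `source` (a string from an untrusted origin) only if it is text.
-- Returns the compiled function, or nil plus an error message.
local function load_untrusted_text(source, chunkname, env)
  if type(source) ~= "string" then
    return nil, "chunk must be a string"
  end
  -- Explicit signature check. On Lua 5.1 this is the only guard, because
  -- loadstring has no mode argument there.
  if source:sub(1, 1) == ESC then
    return nil, "refusing precompiled (binary) chunk"
  end
  if setfenv then
    -- Lua 5.1: compile, then attach the environment if one was given.
    local f, err = loadstring(source, chunkname)
    if f and env then setfenv(f, env) end
    return f, err
  end
  -- Lua 5.2 and later: mode "t" makes load itself reject binary chunks.
  -- Pass env only when given: an explicit nil would become the chunk's _ENV.
  if env ~= nil then
    return load(source, chunkname, "t", env)
  end
  return load(source, chunkname, "t")
end

-- Constructed samples: one text chunk, one precompiled chunk.
local text_chunk = "return 1 + 1"
local binary_chunk = string.dump(function() return 1 end)

local f = assert(load_untrusted_text(text_chunk, "=text_sample"))
assert(f() == 2)

local g, err = load_untrusted_text(binary_chunk, "=binary_sample")
assert(g == nil and type(err) == "string")
print("text chunk compiled; binary chunk rejected: " .. err)
```

For files, `loadfile(filename, "t")` in Lua 5.2 and later applies the same restriction, and C hosts can pass the mode string `"t"` to `luaL_loadbufferx` or `luaL_loadfilex`.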