lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]


Haha, thank you for the explanation! 0_o

On Sat, 22 Jul 2023 at 21:55, Yongchao Wang <ywanghz@cse.ust.hk> wrote:
Haha, thank you for the explanation! 0_o

On Sat, 22 Jul 2023 at 21:40, Andrew Gierth <andrew@tao11.riddles.org.uk> wrote:
>>>>> "Yongchao" == Yongchao Wang <chaowyc@gmail.com> writes:

 Yongchao> Hi all,

 Yongchao> We have detected that the resizebox method may trigger a null
 Yongchao> pointer dereference. Here is a possible vulnerable trace:

Static analysis is all very well, but it leads to pointless reports of
non-bugs like this.

resizebox is called only when the referenced stack position is already
known to contain a box (provided that the luaL_Buffer protocol is being
properly followed, which is the responsibility of the caller). As such,
the lua_touserdata call cannot return NULL and there is no bug.

--
Andrew.