malicious zero-length string in binary code may segfault Lua +

wrong code generation for some particular boolean expressions
This commit is contained in:
Roberto Ierusalimschy 2009-04-27 17:11:11 -03:00
parent c1f78ff3d3
commit 58c3aa8b5f
1 changed files with 30 additions and 2 deletions

32
bugs
View File

@ -1880,8 +1880,8 @@ patch = [[
+++ lundump.c 2008/04/04 19:51:41 2.7.1.4 +++ lundump.c 2008/04/04 19:51:41 2.7.1.4
@@ -1,5 +1,5 @@ @@ -1,5 +1,5 @@
/* /*
-** $Id: bugs,v 1.97 2008/07/11 17:27:41 roberto Exp roberto $ -** $Id: bugs,v 1.98 2008/08/06 13:32:45 roberto Exp roberto $
+** $Id: bugs,v 1.97 2008/07/11 17:27:41 roberto Exp roberto $ +** $Id: bugs,v 1.98 2008/08/06 13:32:45 roberto Exp roberto $
** load precompiled Lua chunks ** load precompiled Lua chunks
** See Copyright Notice in lua.h ** See Copyright Notice in lua.h
*/ */
@ -2077,3 +2077,31 @@ patch = [[
]], ]],
} }
-----------------------------------------------------------------
-- Lua 5.1.4
Bug{
what = [[malicious zero-length string in binary code may segfault Lua]],
report = [["Peter Cawley, on 2008/09/01]],
since = [[5.1]],
example = [[
loadstring(('').dump(function()X''end):gsub('\2%z%z%zX','\0\0\0'))()
]],
patch = [[
]],
}
Bug{
what = [[wrong code generation for some particular boolean expressions]],
report = [["Brian Kelley, on 2009/04/15]],
since = [[5.0]],
example = [[
print(((1 or false) and true) or false) --> 1
-- should be 'true'
]],
patch = [[
]],
}