*** This bug is a security vulnerability ***

Public security bug reported:

See http://www.lua.org/bugs.html section 5.2.2 for details. Essentially:
Stack overflow in vararg functions with many fixed parameters called with few 
arguments.
Reported by 云风 on 17 Apr 2013. Existed since 5.1. Fixed in 5.2.3.

Example:

function f(p1, p2, p3, p4, p5, p6, p7, p8, p9, p10,
           p11, p12, p13, p14, p15, p16, p17, p18, p19, p20,
           p21, p22, p23, p24, p25, p26, p27, p28, p29, p30,
           p31, p32, p33, p34, p35, p36, p37, p38, p39, p40,
           p41, p42, p43, p44, p45, p46, p48, p49, p50, ...)
  local a1, a2, a3, a4, a5, a6, a7, a8, a9, a10, a11, a12, a13, a14
end

f()   -- crashes on some machines

Patch:

ldo.c:
@@ -324,7 +324,7 @@
     case LUA_TLCL: {  /* Lua function: prepare its call */
       StkId base;
       Proto *p = clLvalue(func)->p;
-      luaD_checkstack(L, p->maxstacksize);
+      luaD_checkstack(L, p->maxstacksize + p->numparams);
       func = restorestack(L, funcr);
       n = cast_int(L->top - func) - 1;  /* number of real arguments */
       for (; n < p->numparams; n++)
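
Review bot: the changed luaD_checkstack line carries no comment saying why p->numparams is added to p->maxstacksize, and the reason is not obvious from the call alone. The loop that follows runs while n < p->numparams, so a call with fewer real arguments than fixed parameters can consume up to p->numparams further slots after the check, on top of the p->maxstacksize the frame itself needs. A short comment on the new line stating that the extra reserve covers the missing fixed parameters would keep a later cleanup from reverting it. The f() reproducer from this report would also be worth adding as a regression test alongside the change.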

** Affects: lua5.2 (Ubuntu)
     Importance: Undecided
         Status: New

** Information type changed from Public to Public Security

https://bugs.launchpad.net/bugs/1362278

Title:
  Stack overflow in vararg functions with many fixed parameters called
  with few arguments
