Integer overflow (leading to stack-based buffer overflow) in embedded lua_struct.c
Crispy-fried-chicken commented
`getnum` in `app/modules/struct.c` potentially has an integer overflow if `fmt` is set too large. It might be triggered by running a Lua statement such as: `EVAL "struct.pack('>I2147483648', '10')" 0`

It can be easily avoided by adding a bound check in `getnum`, and I'd like to open a PR for that if necessary.
pjsg commented
Please open a PR for that.
Crispy-fried-chicken commented
> Please open a PR for that.

Sure, I've already opened one, which is #3633. Please check it, thank you!
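
The kind of bound check discussed in this thread, as an added example (not the project's code and not the contents of #3633). It assumes `getnum` accumulates the decimal digits that follow a format letter into an `int`; `getnum_checked` and `parse_size` are hypothetical names.

```c
#include <ctype.h>
#include <limits.h>
#include <stdio.h>

/* Hypothetical bounded digit parser (name and signature are assumptions).
 * Reads the decimal run at *fmt. Returns 0 and stores the value in *out,
 * or returns -1 if the value would exceed INT_MAX. With no digits present,
 * *out receives the default df. */
static int getnum_checked(const char **fmt, int df, int *out) {
    if (!isdigit((unsigned char)**fmt)) {
        *out = df;
        return 0;
    }
    int a = 0;
    do {
        int d = **fmt - '0';
        /* Test before multiplying: a*10 + d must stay <= INT_MAX,
         * so the signed arithmetic below can never overflow. */
        if (a > (INT_MAX - d) / 10)
            return -1;
        a = a * 10 + d;
        (*fmt)++;
    } while (isdigit((unsigned char)**fmt));
    *out = a;
    return 0;
}

/* Convenience wrapper: parse the size suffix of one format item. */
static int parse_size(const char *digits, int df, int *out) {
    const char *p = digits;
    return getnum_checked(&p, df, out);
}

int main(void) {
    int size = 0;
    /* Size suffix from the statement quoted in the issue; it is
     * INT_MAX + 1 when int is 32 bits wide. */
    if (parse_size("2147483648", 1, &size) != 0)
        puts("rejected: integral size overflow");
    if (parse_size("4", 1, &size) == 0)
        printf("accepted size %d\n", size);
    return 0;
}
```

A caller would turn the `-1` return into a Lua error instead of using the size for buffer arithmetic.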