nodemcu/nodemcu-firmware

Integer overflow (leading to stack-based buffer overflow) in embedded lua_struct.c

Opened this issue · 2 comments

getnum in app/modules/struct.c potentially has an integer overflow if fmt is set too large. It might be triggered by running a Lua statement such as: EVAL "struct.pack('>I2147483648', '10')" 0. It can easily be avoided by adding a bound check in getnum, and I'd like to open a PR for that if necessary.
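An added example, not part of the original report and not the project's code: a stand-alone model of a format-size digit loop like the getnum described above, next to a version with the bound check. The function bodies, the `-1` error convention and the `demo_*` wrappers are assumptions for illustration; a 32-bit `int` is assumed.

```c
#include <ctype.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Model of an unchecked digit loop. The accumulator is unsigned so the
   wrap is well defined in this demo; with a plain int accumulator the
   same overflow is undefined behaviour. Assumes 32-bit int. */
static int getnum_unchecked(const char **fmt, int df) {
  uint32_t a = 0;
  if (!isdigit((unsigned char)**fmt)) return df;   /* no number: default */
  do {
    a = a * 10u + (uint32_t)(*((*fmt)++) - '0');
  } while (isdigit((unsigned char)**fmt));
  return (int)(int32_t)a;                          /* may come out negative */
}

/* Bounded version: returns -1 (hypothetical error convention) instead of
   letting a*10 + d exceed INT_MAX. A Lua binding could raise an error here. */
static int getnum_checked(const char **fmt, int df) {
  int a = 0;
  if (!isdigit((unsigned char)**fmt)) return df;
  do {
    int d = **fmt - '0';
    if (a > (INT_MAX - d) / 10) return -1;         /* next step would overflow */
    a = a * 10 + d;
    (*fmt)++;
  } while (isdigit((unsigned char)**fmt));
  return a;
}

/* Convenience wrappers over a digit string (hypothetical helpers). */
static int demo_unchecked(const char *s) { return getnum_unchecked(&s, 1); }
static int demo_checked(const char *s)   { return getnum_checked(&s, 1); }

int main(void) {
  const char *big = "2147483648";   /* size digits from the report's format string */
  printf("unchecked:       %d\n", demo_unchecked(big));
  printf("checked:         %d\n", demo_checked(big));
  printf("checked INT_MAX: %d\n", demo_checked("2147483647"));
  return 0;
}
```

The unchecked result for the reported size is negative, so a caller that only tests the size against an upper limit would accept it; the checked version rejects the input before the accumulator can wrap.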

pjsg commented

Please open a PR for that.

Sure, I've already opened one, which is #3633. Please check it, thank you!