commit 58c3aa8b5f51194980a9abf463a2648bb1413925
parent c1f78ff3d32298fbae950bf655bdca11179343ce
Author: Roberto Ierusalimschy <roberto@inf.puc-rio.br>
Date: Mon, 27 Apr 2009 17:10:47 -0300
malicious zero-length string in binary code may segfault Lua +
wrong code generation for some particular boolean expressions
Diffstat:
| M | bugs | | | 32 | ++++++++++++++++++++++++++++++-- |
1 file changed, 30 insertions(+), 2 deletions(-)
diff --git a/bugs b/bugs
@@ -1880,8 +1880,8 @@ patch = [[
+++ lundump.c 2008/04/04 19:51:41 2.7.1.4
@@ -1,5 +1,5 @@
/*
--** $Id: bugs,v 1.97 2008/07/11 17:27:41 roberto Exp roberto $
-+** $Id: bugs,v 1.97 2008/07/11 17:27:41 roberto Exp roberto $
+-** $Id: bugs,v 1.98 2008/08/06 13:32:45 roberto Exp roberto $
++** $Id: bugs,v 1.98 2008/08/06 13:32:45 roberto Exp roberto $
** load precompiled Lua chunks
** See Copyright Notice in lua.h
*/
@@ -2077,3 +2077,31 @@ patch = [[
]],
}
+
+-----------------------------------------------------------------
+-- Lua 5.1.4
+
+Bug{
+what = [[malicious zero-length string in binary code may segfault Lua]],
+report = [["Peter Cawley, on 2008/09/01]],
+since = [[5.1]],
+example = [[
+loadstring(('').dump(function()X''end):gsub('\2%z%z%zX','\0\0\0'))()
+]],
+patch = [[
+]],
+}
+
+
+Bug{
+what = [[wrong code generation for some particular boolean expressions]],
+report = [["Brian Kelley, on 2009/04/15]],
+since = [[5.0]],
+example = [[
+print(((1 or false) and true) or false) --> 1
+-- should be 'true'
+]],
+patch = [[
+]],
+}
+
