Check string indices when loading binary chunk
Lua is not religious about that, but it tries to avoid crashes when
loading binary chunks.
diff --git a/lundump.c b/lundump.c
index 1052898..ade4038 100644
--- a/lundump.c
+++ b/lundump.c
@@ -154,8 +154,9 @@
else if (size == 1) { /* previously saved string? */
lua_Unsigned idx = loadVarint(S, LUA_MAXUNSIGNED); /* get its index */
TValue stv;
- luaH_getint(S->h, l_castU2S(idx), &stv); /* get its value */
- *sl = ts = tsvalue(&stv);
+ if (novariant(luaH_getint(S->h, l_castU2S(idx), &stv)) != LUA_TSTRING)
+ error(S, "invalid string index");
+ *sl = ts = tsvalue(&stv); /* get its value */
luaC_objbarrier(L, p, ts);
return; /* do not save it again */
}
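Review bot: The dereference in `*sl = ts = tsvalue(&stv);` is only safe because of the unbraced `if` above it, and that rests on two things this hunk does not show: that `luaH_getint` returns the type tag of the slot (a non-string tag when the index is absent) and that `error` never returns. A comment on the check would record this for the next reader, for example `/* idx comes from the chunk: reject any index that is not a previously saved string */`. Since `l_castU2S(idx)` can turn a large varint into a negative key, it is worth confirming that such keys also end in the "invalid string index" path rather than relying on it implicitly. The enclosing function starts and ends outside this hunk.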
@@ -394,11 +395,10 @@
LoadState S;
LClosure *cl;
if (*name == '@' || *name == '=')
- S.name = name + 1;
+ name = name + 1;
else if (*name == LUA_SIGNATURE[0])
- S.name = "binary string";
- else
- S.name = name;
+ name = "binary string";
+ S.name = name;
S.L = L;
S.Z = Z;
S.fixed = cast_byte(fixed);
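Review bot: Assigning to the `name` parameter in the `if`/`else if` means every later use of `name` in this function now sees the stripped or substituted name instead of the caller's string; whether that is intended cannot be judged from the hunk, because the function continues past it. If it is intended, a one-line comment such as `/* 'name' now holds the chunk name without its '@' or '=' marker */` before `S.name = name;` would say so. The change is also not mentioned in the commit message, which only covers the string-index check.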
diff --git a/manual/manual.of b/manual/manual.of
index baa33d8..5bab781 100644
--- a/manual/manual.of
+++ b/manual/manual.of
@@ -1403,8 +1403,7 @@
Programs in source and compiled forms are interchangeable;
Lua automatically detects the file type and acts accordingly @seeF{load}.
Be aware that, unlike source code,
-the execution of maliciously crafted
-bytecode can crash the interpreter.
+maliciously crafted binary chunks can crash the interpreter.
}
@@ -6694,11 +6693,10 @@
or @St{bt} (both binary and text).
The default is @St{bt}.
-It is safe to load malformed binary chunks;
-@id{load} signals an appropriate error.
-However,
-Lua does not check the consistency of the code inside binary chunks;
-running maliciously crafted bytecode can crash the interpreter.
+Lua does not check the consistency of binary chunks.
+Maliciously crafted binary chunks can crash
+the interpreter.
+You can use the @id{mode} parameter to prevent loading binary chunks.
}