Segmentation fault in luaG_traceexec

Segmentation fault in luaG_traceexec

Yongheng Chen

Hi,

We found a segmentation fault in luaG_traceexec, here’s the POC:

co = coroutine.create(function()
    function errfunc()
        return 'errfunc'
    end
    function test(do_yield)
        pcall(function()
            if do_yield then
                -- second argument is truthy, so the dump is stripped of debug info
                load(string.dump(errfunc, coroutine))()
            end
        end)
    end
    (function() print(xpcall(test, function() end, true)) end)()
end)
-- line and return hooks on the coroutine
debug.sethook(co, function() end, "lr")
coroutine.resume(co)


Lua version 5.4.0, git hash 34affe7a63fc5d842580a9f23616d057e17dfe27, tested on Ubuntu 16.04


Best,

Yongheng and Rui


Re: Segmentation fault in luaG_traceexec

Egor Skriptunoff-2
The code can be reduced to the following:

local function f()
   local a = 1
end
f = load(string.dump(f, true))
local co = coroutine.create(f)
debug.sethook(co, function() end, "l")
coroutine.resume(co)

Looks like a problem with the "line event" hook for a bytecode without debug info.
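An added example, not from either post in the thread: the reduction above fires a line hook on a function whose prototype was produced by string.dump(f, true), so it has no lineinfo. The snippet below shows how a caller can tell the two kinds of function apart before deciding on a hook mask, and shows the standard defence for chunks that come from outside (refuse bytecode with load mode "t"). The helper names has_debug_info, load_text_only and trace_coroutine are my own; the observable facts relied on are that a stripped Lua function reports source "=?" and an empty activelines table via debug.getinfo, and that a count hook does not consult lineinfo.

```lua
-- Added example, not part of the thread. Helper names are invented here.

-- True when f is a Lua function whose prototype still carries debug info.
-- A chunk produced by string.dump(f, true) reports source "=?" and an
-- empty activelines table (Lua 5.3 and 5.4).
local function has_debug_info(f)
  local info = debug.getinfo(f, "SL")
  if info.what == "C" then return false end
  if info.source == "=?" then return false end
  return next(info.activelines) ~= nil
end

-- Mode "t" makes load() reject anything that is not source text, so
-- bytecode from an untrusted source never reaches the VM at all.
local function load_text_only(chunk, name)
  return load(chunk, name, "t")
end

-- Install a hook on co: "l" (line events) only when the body still has
-- lineinfo, otherwise a count hook, which needs no line information.
-- Returns which kind was installed.
local function trace_coroutine(co, body, hook)
  if has_debug_info(body) then
    debug.sethook(co, hook, "l")
    return "line"
  else
    debug.sethook(co, hook, "", 1)
    return "count"
  end
end

local function f()
  local a = 1
  return a
end

local stripped = load(string.dump(f, true))   -- binary chunk, lineinfo removed
local kept     = load(string.dump(f, false))  -- binary chunk, lineinfo kept

print("original has debug info:", has_debug_info(f))
print("kept dump has debug info:", has_debug_info(kept))
print("stripped dump has debug info:", has_debug_info(stripped))

for label, body in pairs{ kept = kept, stripped = stripped } do
  local co = coroutine.create(body)
  local mode = trace_coroutine(co, body, function() end)
  print(label, "hook kind:", mode, coroutine.resume(co))
end

-- Untrusted input: the binary chunk is rejected before it is executed.
print("text-only load of bytecode:", load_text_only(string.dump(f, true), "untrusted"))
```

The check in trace_coroutine only looks at the coroutine's body. A hook set with debug.sethook(co, ...) applies to every function that later runs inside that coroutine, so a stripped function loaded from within the body, as the original PoC does with load(string.dump(errfunc, coroutine)), would still run under the same line hook. For chunks that are not trusted, the control that actually holds is load_text_only: the Lua manual states that the interpreter does not validate binary chunks and that malicious bytecode can crash it, so refusing bytecode is the intended hardening, and the hook-mask choice is only a convenience for code you already trust.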