Giter Site home page Giter Site logo

TscLua 崩溃 about tscancode HOT 2 CLOSED

firmianay avatar firmianay commented on May 27, 2024
TscLua 崩溃

from tscancode.

Comments (2)

ben620 avatar ben620 commented on May 27, 2024

构造的 lua 文件如下所示,也可以将其加到任意 lua 文件中,用于对抗扫描器:

function test(a)
    local result = false
    if result then
        if a[0] == "A" then
            result = true
            print("A")
        else
            print("B")
        end
    end

    if result then
        print("C")
    else
        print("D")
    end
end

test({"A", "B"})

正常运行:

$ lua -v       
Lua 5.3.3  Copyright (C) 1994-2016 Lua.org, PUC-Rio
$ lua test.lua 
D

崩溃:

$ ./tsclua test.lua 
tokenize...
[tokenize][1/1] /home/firmy/TscLua/test.lua
analyze entry file...
check...
[preRuleAnalyze][1/9] uninitvar
[preRuleAnalyze][2/9] OrTrue
[preRuleAnalyze][3/9] intercall
[preRuleAnalyze][4/9] CheckOther
[preRuleAnalyze][5/9] Style
[preRuleAnalyze][6/9] scope
[preRuleAnalyze][7/9] CheckOther2
[preRuleAnalyze][8/9] logic
[preRuleAnalyze][9/9] CheckGlobalVar
[check][1/1] /home/firmy/TscLua/test.lua
[1]    340431 segmentation fault (core dumped)  ./tsclua test.lua

     0x41d75c <CCheckUninitVar::HandleSpecialIfNotRequire(Token+0> mov    rbx, rdi
     0x41d75f <CCheckUninitVar::HandleSpecialIfNotRequire(Token+0> mov    rax, QWORD PTR [rdx+0x20]
 →   0x41d763 <CCheckUninitVar::HandleSpecialIfNotRequire(Token+0> mov    rcx, QWORD PTR [rax+0x8]
     0x41d767 <CCheckUninitVar::HandleSpecialIfNotRequire(Token+0> cmp    QWORD PTR [rax], rcx
     0x41d76a <CCheckUninitVar::HandleSpecialIfNotRequire(Token+0> je     0x41d778 <_ZN15CCheckUninitVar25HandleSpecialIfNotRequireEPK5Token+40>
     0x41d76c <CCheckUninitVar::HandleSpecialIfNotRequire(Token+0> pop    rbx
     0x41d76d <CCheckUninitVar::HandleSpecialIfNotRequire(Token+0> ret    
     0x41d76e <CCheckUninitVar::HandleSpecialIfNotRequire(Token+0> xchg   ax, ax
[#0] Id 1, Name: "tsclua", stopped 0x41d763 in CCheckUninitVar::HandleSpecialIfNotRequire(Token const*) (), reason: SIGSEGV
[#1] 0x4220b2 → CCheckUninitVar::HandleIf(Token const*)()
[#2] 0x42748b → CCheckUninitVar::CheckUninitVar()()
[#3] 0x49af81 → LuaCheck::check()()
[#4] 0x4e0bd7 → LuaCheckExecutor::check(int, char const* const*)()
[#5] 0x41afb4 → main()

如果可以,帮忙申请一个CVE,谢谢!

已更新一个新版本。可以再试试,如果发现新的问题,欢迎反馈

from tscancode.

firmianay avatar firmianay commented on May 27, 2024

https://nvd.nist.gov/vuln/detail/CVE-2022-35158
Discoverer: Chao Yang@Li Auto

from tscancode.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.