Lua: Endless loop and no limit on memory

alienari / bitfighter

Automatically exported from code.google.com/p/bitfighter

Other

0 stars 0 forks source link

Lua: Endless loop and no limit on memory #497

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago

The following will freeze forever:
function main()
  while 2 < 5 do
  end
end

Using too much RAM can crash after using up 2 GB of RAM:
array1 = {}
function main()
  local i = 1
  while i < 100000000 do
    array1[i] = {{{{{{{{{{}}}}}}}}}}
    i = i + 1
  end
end

A single {} might not crash Windows 32 bit, but will memory leak after LUA 
memory exception.

Allowing users to upload these levelgen can kill the server. Limiting LUA 
memory usage and execution time may solve this.

Original issue reported on code.google.com by sam8641@gmail.com on 12 Jan 2015 at 9:29

GoogleCodeExporter commented 9 years ago

Would also be nice to allow editor plugin users to (optionally) kill a 
long-running plugin.

Original comment by bkcon...@gmail.com on 20 Jan 2015 at 6:24

GoogleCodeExporter commented 9 years ago

This is all doable... but is it worth the effort?

Original comment by watusim...@bitfighter.org on 27 Apr 2015 at 5:30

GoogleCodeExporter commented 9 years ago

Actually, if we are permitting users to upload scripts to a server, then it may 
be.  But are we?

Original comment by watusim...@bitfighter.org on 27 Apr 2015 at 5:30

GoogleCodeExporter commented 9 years ago

I'm not sure we are permitting uploading scripts - but we do allow downloading 
from pleiades which is another attack vector as well.  I suspect sam686 or kaen 
did fix uploading levelgen with the level as an admin.

Original comment by buckyballreaction on 27 Apr 2015 at 12:49