Isn't hardening source code parsing much more difficult then hardening byte code parsing?
Sure, the output of the lua compiler might be guaranteed to not invoke undefined behavior in the byte code interpreter, but the compiler itself might be vulnerable.
To my knowledge, compilers like GCC and clang treat source code as trusted for this reason
Sure, the output of the lua compiler might be guaranteed to not invoke undefined behavior in the byte code interpreter, but the compiler itself might be vulnerable.
To my knowledge, compilers like GCC and clang treat source code as trusted for this reason