- Subject: Re: possible bug
- From: Roberto Ierusalimschy <roberto@...>
- Date: Fri, 27 Mar 2009 11:19:04 -0300
> I've included the newest (unmodified) Lua in my C++ engine, which I check
> for memory corruption from time to time using the tool BoundsChecker.
> It found an error inside Lua while creating a new state. I've attached
> two pictures showing the call stack, the allocation call stack and the code.
> If it is a bug, it doesn't do any bad things to my system.
>
> Of course not all errors found by this tool are real ones; some
> techniques may cause false positives. But maybe some Lua developer wants
> to have a look at it.
>
> The code to reproduce it is this:
> lua_State* ls = luaL_newstate();
> luaL_openlibs(ls);
>
> Regards
> Joerg
>
>
> pictures:
> http://img210.imagevenue.com/img.php?image=59669_alloc_stack_122_594lo.jpg
> http://img253.imagevenue.com/img.php?image=59668_callstack_122_69lo.jpg
In the first picture, I could not understand which pointer the message
is talking about. The only pointers in the marked line
[luaH_resize(L, t, nasize, nsize)] are 'L' and 't', which do not change.

In the second picture, it may really be a small bug. When the table
has no hash elements, t->node points to 'dummynode', but t->lastfree
also points to dummynode (because size is 0). Then the decrement in the
marked line [while (t->lastfree-- > t->node) {] will make t->lastfree
point outside the dummynode_ "array".
-- Roberto
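To make the off-by-one concrete, the following is an added example, not code from Lua or from either message in this thread. It is a toy model of the 5.1 hash part: the names Node, Table, setnodevector and dummynode mirror Lua's, but the structs are simplified (int keys, 0 standing for nil), and getfreepos_buggy, getfreepos_fixed, lastfree_offset, probe_empty and probe_sized are the example's own. The buggy loop is the one quoted above; the fixed variant is one straightforward correction (test before decrementing), not a claim about how Lua itself resolved it. Because forming a pointer one before a lone static Node is undefined behaviour in real Lua (which is exactly what a bounds checker would flag), the model places the dummy node behind a guard slot so the underflow lands on memory the program owns and can be observed.

```c
#include <stddef.h>
#include <stdio.h>

/* Toy model of a Lua 5.1 table's hash part (example code, not Lua's own).
 * Keys are ints; key == 0 plays the role of nil. */
typedef struct Node { int key; int val; } Node;

typedef struct Table {
    Node *node;      /* hash part; the shared dummy node when the part is empty */
    Node *lastfree;  /* every free position lies before this one */
    int   sizenode;  /* 0 means "only the dummy node" */
} Table;

/* Lua's dummynode_ is a lone static Node.  Here it is slot 1 of a two-slot
 * buffer; slot 0 is a guard so the buggy loop's underflow lands on memory we
 * own and the test can observe it.  Real Lua has no such guard. */
static Node guarded_dummy_[2];
#define dummynode (&guarded_dummy_[1])

/* Mirrors setnodevector(): lastfree = t->node + size, i.e. t->node itself
 * (the dummy node) when size is 0. */
static void setnodevector(Table *t, Node *nodes, int size) {
    int i;
    if (size == 0) {
        t->node = dummynode;
    } else {
        t->node = nodes;
        for (i = 0; i < size; i++) nodes[i].key = 0;  /* all slots free */
    }
    t->sizenode = size;
    t->lastfree = t->node + size;
}

/* The loop quoted in the message: the comparison uses the old value of
 * lastfree, but the decrement happens even when the comparison fails. */
static Node *getfreepos_buggy(Table *t) {
    while (t->lastfree-- > t->node) {
        if (t->lastfree->key == 0) return t->lastfree;
    }
    return NULL;  /* no free place */
}

/* One straightforward fix: check first, decrement only while still above node. */
static Node *getfreepos_fixed(Table *t) {
    while (t->lastfree > t->node) {
        t->lastfree--;
        if (t->lastfree->key == 0) return t->lastfree;
    }
    return NULL;  /* no free place */
}

/* Cursor position relative to the start of the node array; -1 means it has
 * walked off the front of the array. */
long lastfree_offset(const Table *t) {
    return (long)(t->lastfree - t->node);
}

/* Empty hash part, as right after luaL_newstate(): node == lastfree == dummynode.
 * Returns where the cursor ends up after one getfreepos call. */
long probe_empty(Node *(*getfreepos)(Table *)) {
    Table t;
    guarded_dummy_[0].key = guarded_dummy_[1].key = 0;
    setnodevector(&t, NULL, 0);
    (void)getfreepos(&t);   /* both versions return NULL here */
    return lastfree_offset(&t);
}

/* Non-empty hash part (4 slots, 2 and 3 occupied): returns the index of the
 * free slot found, or -1 for NULL.  Both versions agree away from the boundary. */
long probe_sized(Node *(*getfreepos)(Table *)) {
    Node nodes[4];
    Table t;
    Node *n;
    setnodevector(&t, nodes, 4);
    nodes[2].key = 7;
    nodes[3].key = 9;
    n = getfreepos(&t);
    return n ? (long)(n - t.node) : -1;
}

int main(void) {
    printf("empty table: lastfree offset after getfreepos, buggy %ld, fixed %ld\n",
           probe_empty(getfreepos_buggy), probe_empty(getfreepos_fixed));
    printf("4-slot table: free slot index, buggy %ld, fixed %ld\n",
           probe_sized(getfreepos_buggy), probe_sized(getfreepos_fixed));
    return 0;
}
```

In the empty-table case the buggy loop leaves lastfree at offset -1, one Node before the dummy node, which is the out-of-bounds pointer the tool reported; the fixed loop leaves it at 0. On a normally sized hash part both versions find the same free slot, which is why the bug is invisible in ordinary use and only a bounds checker notices it.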
- References:
- possible bug, kathrin_69@...