- Subject: Bug in lua 5.2.1?
- From: Nikolay Zapolnov <zapolnov@...>
- Date: Wed, 5 Dec 2012 19:29:28 +0400
Hi!
I think that I have found a bug in lua_insert(), in Lua 5.2.1.
lua_insert() does the following loop:
for (q = L->top; q>p; q--) setobjs2s(L, q, q-1);
(first iteration writes value into L->top)
But according to index2addr():
if (o >= L->top) return NONVALIDVALUE;
(= means that L->top should not be accessed).
The problem is actually that my application crashes sometimes inside lua_insert(). I think it happens when lua_insert() is called on a "full" stack (i.e. when it tries to access L->top which points outside of the memory block). If I add lua_checkstack() before lua_insert(), the problem disappears.
Valgrind says the following:
==73618== Invalid write of size 8
==73618== at 0x1001587F2: lua_insert (lapi.c:190)
....
==73618== Address 0x103d1b230 is 0 bytes after a block of size 544 alloc'd
==73618== at 0x6599: realloc (vg_replace_malloc.c:666)
==73618== by 0x10015EC5A: l_alloc (lauxlib.c:925)
==73618== by 0x10017418A: luaM_realloc_ (lmem.c:84)
==73618== by 0x100168567: luaD_reallocstack (ldo.c:166)
==73618== by 0x1001687FF: luaD_shrinkstack (ldo.c:213)
==73618== by 0x10016D3CE: sweepthread (lgc.c:706)
==73618== by 0x10016D4D6: sweeplist (lgc.c:747)
==73618== by 0x10016E4AB: singlestep (lgc.c:1084)
==73618== by 0x10016E769: incstep (lgc.c:1132)
==73618== by 0x10016E85C: luaC_forcestep (lgc.c:1150)
==73618== by 0x10016E8DE: luaC_step (lgc.c:1162)
==73618== by 0x10015A33F: lua_createtable (lapi.c:669)
==73618==.
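
A simplified model of the situation described in the post, as an added example that is not part of the original message and is not Lua's source code. `ModelStack`, `model_insert`, `model_checkstack` and `run_case` are hypothetical names and the 4-slot block is constructed; the model counts, instead of performing, the write that the quoted loop shape makes to the slot at `top` when the block is exactly full, and shows that reserving one slot first keeps every write in bounds.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified model with hypothetical names; not Lua's source code. */
typedef struct {
    int *slots;    /* allocated block */
    size_t size;   /* number of allocated slots */
    size_t top;    /* first free slot, playing the role of L->top */
} ModelStack;

/* Loop shape from the post; writes past the block are counted, not made. */
static size_t model_insert(ModelStack *s, size_t p) {
    size_t out_of_bounds = 0;
    int moved = s->slots[s->top - 1];        /* value that ends up at p */
    for (size_t q = s->top; q > p; q--) {    /* first iteration targets slot top */
        if (q >= s->size) { out_of_bounds++; continue; }
        s->slots[q] = s->slots[q - 1];
    }
    s->slots[p] = moved;
    return out_of_bounds;
}

/* Stand-in for the lua_checkstack() workaround: guarantee `extra` free slots. */
static int model_checkstack(ModelStack *s, size_t extra) {
    if (s->top + extra <= s->size) return 1;
    int *grown = realloc(s->slots, (s->top + extra) * sizeof *grown);
    if (grown == NULL) return 0;
    s->slots = grown;
    s->size = s->top + extra;
    return 1;
}

/* Fill a 4-slot block, optionally reserve a slot, insert at the bottom. */
static long run_case(int reserve_first, int *bottom_after) {
    ModelStack s = { malloc(4 * sizeof(int)), 4, 0 };
    if (s.slots == NULL) return -1;
    for (int v = 1; v <= 4; v++) s.slots[s.top++] = v;   /* constructed data */
    if (reserve_first && !model_checkstack(&s, 1)) { free(s.slots); return -1; }
    long bad = (long)model_insert(&s, 0);    /* would-be invalid writes */
    *bottom_after = s.slots[0];
    free(s.slots);
    return bad;
}

int main(void) {
    int bottom;
    printf("full: %ld, reserved: %ld\n", run_case(0, &bottom), run_case(1, &bottom));
    return 0;
}
```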