- Subject: Invalid memory access with Lua 5.1 lua_isnumber()
- From: "Timm S. Mueller" <tmueller@...>
- Date: Wed, 5 Mar 2014 12:12:06 +0100
Hi,
I think I have stumbled across a problem in lua_isnumber(). Lua 5.1.5
is affected, Lua 5.2.2 is not. The following is on Linux x86_64:
    #include "lauxlib.h"   /* pulls in lua.h; luaL_register is the 5.1 API */

    /* Only calls lua_isnumber() on the first argument; the result is discarded. */
    static int test(lua_State *L) {
        lua_isnumber(L, 1);
        return 0;
    }

    static const luaL_Reg test_funcs[] = {
        { "test", test },
        { NULL, NULL }
    };

    int luaopen_test(lua_State *L) {
        luaL_register(L, "test", test_funcs);
        return 1;
    }
$ gcc test.c -fPIC -shared -llua -o test.so
$ valgrind /usr/local/bin/lua -e 'require"test".test("helo")' # => OK
$ valgrind /usr/local/bin/lua -e 'require"test".test("none")' # =>
==9069== Memcheck, a memory error detector
==9069== [..]
==9069== Invalid read of size 8
==9069== at 0x5A5CE0F: __GI___strncasecmp_l (in /lib64/libc-2.15.so)
==9069== by 0x5A0F75C: ____strtod_l_internal (in /lib64/libc-2.15.so)
==9069== by 0x40AD99: luaO_str2d (in /usr/local/bin/lua)
==9069== by 0x410335: luaV_tonumber (in /usr/local/bin/lua)
==9069== by 0x40549E: lua_isnumber (in /usr/local/bin/lua)
==9069== by 0x6178688: test (in /mnt/office/tmueller/work/lua-5.1.5-bug/test.so)
==9069== by 0x40863B: luaD_precall (in /usr/local/bin/lua)
==9069== by 0x411BA7: luaV_execute (in /usr/local/bin/lua)
==9069== by 0x408A6C: luaD_call (in /usr/local/bin/lua)
==9069== by 0x407D06: luaD_rawrunprotected (in /usr/local/bin/lua)
==9069== by 0x408C01: luaD_pcall (in /usr/local/bin/lua)
==9069== by 0x40630E: lua_pcall (in /usr/local/bin/lua)
==9069== Address 0x5d87428 is 24 bytes inside a block of size 29 alloc'd
==9069== at 0x4C2AF0D: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==9069== by 0x4C2B097: realloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==9069== by 0x40AAAB: luaM_realloc_ (in /usr/local/bin/lua)
==9069== by 0x40E6A5: luaS_newlstr (in /usr/local/bin/lua)
==9069== by 0x415C71: luaX_newstring (in /usr/local/bin/lua)
==9069== by 0x4160B2: llex (in /usr/local/bin/lua)
==9069== by 0x416988: luaX_next (in /usr/local/bin/lua)
==9069== [..]
More lines and another hit to follow. A cross check with strtod() alone
caused no problem.
- Timm
--
Timm S. Mueller <tmueller@schulze-mueller.de>
Schulze & Mueller GbR, Jungstr. 2, 10247 Berlin,
Gesellschafter: Franciska Schulze, Timm S. Mueller,
Tel. +49 30 85610000, http://www.schulze-mueller.de/
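To isolate whether the reported read belongs to Lua or to libc's strtod(), here is an added harness that is not part of the original mail: it reproduces the allocation shape the valgrind trace shows (string payload right after a 24-byte TString header in an exact-size malloc block) and feeds it to strtod() the way luaO_str2d() does, so the same call pattern can be run under valgrind without Lua. The 24-byte header and the luaO_str2d() steps are assumptions taken from the Lua 5.1.5 source layout; lua_like_alloc, str2d and isnumber_like_lua are names invented here.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed sizeof(TString) for 64-bit Lua 5.1.5: it matches the "24 bytes
 * inside a block of size 29" in the valgrind report ("none" + NUL = 5). */
#define TSTRING_HEADER 24

/* Allocate header + len + 1 bytes in one block, as luaS_newlstr() does,
 * and return a pointer to the string payload that follows the header. */
char *lua_like_alloc(const char *s) {
    size_t len = strlen(s);
    char *block = malloc(TSTRING_HEADER + len + 1);
    if (!block) abort();
    memset(block, 0, TSTRING_HEADER);
    memcpy(block + TSTRING_HEADER, s, len + 1);
    return block + TSTRING_HEADER;
}

void lua_like_free(char *s) { free(s - TSTRING_HEADER); }

/* Decision procedure of luaO_str2d() in Lua 5.1.5 (assumed, from lobject.c):
 * returns 1 if the whole string converts to a number, 0 otherwise. */
int str2d(const char *s, double *result) {
    char *endptr;
    *result = strtod(s, &endptr);              /* the call in the trace */
    if (endptr == s) return 0;                 /* conversion failed */
    if (*endptr == 'x' || *endptr == 'X')      /* hexadecimal constant? */
        *result = (double)strtoul(s, &endptr, 16);
    if (*endptr == '\0') return 1;             /* most common case */
    while (isspace((unsigned char)*endptr)) endptr++;
    return *endptr == '\0';                    /* trailing garbage? */
}

/* What lua_isnumber() sees for a string argument: 1 if numeric, else 0. */
int isnumber_like_lua(const char *text) {
    char *s = lua_like_alloc(text);
    double d;
    int ok = str2d(s, &d);
    lua_like_free(s);
    return ok;
}

int main(void) {
    const char *samples[] = { "helo", "none", "0x1F", " 42 ", "1e3x" };
    size_t i;
    for (i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%-6s -> %d\n", samples[i], isnumber_like_lua(samples[i]));
    return 0;
}
```

Build with `gcc -g harness.c -o harness` and run `valgrind ./harness`; if the same "Invalid read" appears at strncasecmp_l under strtod, the report does not depend on the interpreter itself.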