Invalid memory access with Lua 5.1 lua

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Invalid memory access with Lua 5.1 lua_isnumber()
From: "Timm S. Mueller" <tmueller@...>
Date: Wed, 5 Mar 2014 12:12:06 +0100

Hi,

I think I have stumbled across a problem in lua_isnumber(). Lua 5.1.5
is affected, Lua 5.2.2 is not. The following is on Linux x86_64:

#include "lauxlib.h"
static int test(lua_State *L) {
 lua_isnumber(L, 1);
 return 0;
}
static const luaL_Reg test_funcs[] = 
{ { "test", test }, { NULL, NULL } };
int luaopen_test(lua_State *L) {
 luaL_register(L, "test", test_funcs);
 return 1;
}

$ gcc test.c -fPIC -shared -llua -o test.so
$ valgrind /usr/local/bin/lua -e 'require"test".test("helo")' # => OK
$ valgrind /usr/local/bin/lua -e 'require"test".test("none")' # =>
==9069== Memcheck, a memory error detector
==9069== [..]
==9069== Invalid read of size 8
==9069==    at 0x5A5CE0F: __GI___strncasecmp_l (in /lib64/libc-2.15.so)
==9069==    by 0x5A0F75C: ____strtod_l_internal (in /lib64/libc-2.15.so)
==9069==    by 0x40AD99: luaO_str2d (in /usr/local/bin/lua)
==9069==    by 0x410335: luaV_tonumber (in /usr/local/bin/lua)
==9069==    by 0x40549E: lua_isnumber (in /usr/local/bin/lua)
==9069==    by 0x6178688: test (in /mnt/office/tmueller/work/lua-5.1.5-bug/test.so)
==9069==    by 0x40863B: luaD_precall (in /usr/local/bin/lua)
==9069==    by 0x411BA7: luaV_execute (in /usr/local/bin/lua)
==9069==    by 0x408A6C: luaD_call (in /usr/local/bin/lua)
==9069==    by 0x407D06: luaD_rawrunprotected (in /usr/local/bin/lua)
==9069==    by 0x408C01: luaD_pcall (in /usr/local/bin/lua)
==9069==    by 0x40630E: lua_pcall (in /usr/local/bin/lua)
==9069==  Address 0x5d87428 is 24 bytes inside a block of size 29 alloc'd
==9069==    at 0x4C2AF0D: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==9069==    by 0x4C2B097: realloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==9069==    by 0x40AAAB: luaM_realloc_ (in /usr/local/bin/lua)
==9069==    by 0x40E6A5: luaS_newlstr (in /usr/local/bin/lua)
==9069==    by 0x415C71: luaX_newstring (in /usr/local/bin/lua)
==9069==    by 0x4160B2: llex (in /usr/local/bin/lua)
==9069==    by 0x416988: luaX_next (in /usr/local/bin/lua)
==9069== [..]

More lines and another hit to follow. A cross check with strtod() alone
caused no problem.

- Timm

-- 
Timm S. Mueller <tmueller@schulze-mueller.de>
Schulze & Mueller GbR, Jungstr. 2, 10247 Berlin,
Gesellschafter: Franciska Schulze, Timm S. Mueller,
Tel. +49 30 85610000, http://www.schulze-mueller.de/

Follow-Ups:
- Re: Invalid memory access with Lua 5.1 lua_isnumber(), Philipp Janda
- Re: Invalid memory access with Lua 5.1 lua_isnumber(), Timm S. Mueller

Prev by Date: Re: Will Lua 6.0 have LPeg?
Next by Date: Re: Lua Suggestion: return nil in string.find/match() for indexes that are before the string
Previous by thread: Re: Lua Workshop 2012 video missing
Next by thread: Re: Invalid memory access with Lua 5.1 lua_isnumber()
Index(es):
- Date
- Thread