lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Am 05.03.2014 12:12 schröbte Timm S. Mueller:


I think I have stumbled across a problem in lua_isnumber(). Lua 5.1.5
is affected, Lua 5.2.2 is not. The following is on Linux x86_64:

#include "lauxlib.h"
static int test(lua_State *L) {
  lua_isnumber(L, 1);
  return 0;
static const luaL_Reg test_funcs[] =
{ { "test", test }, { NULL, NULL } };
int luaopen_test(lua_State *L) {
  luaL_register(L, "test", test_funcs);
  return 1;

$ gcc test.c -fPIC -shared -llua -o

On Linux you probably don't need the `-llua` unless you changed the default linker flags (it doesn't seem to make a difference concerning this issue, though).

$ valgrind /usr/local/bin/lua -e 'require"test".test("helo")' # => OK
$ valgrind /usr/local/bin/lua -e 'require"test".test("none")' # =>
==9069== Memcheck, a memory error detector
==9069== [..]
==9069== Invalid read of size 8
==9069==    at 0x5A5CE0F: __GI___strncasecmp_l (in /lib64/
==9069==    by 0x5A0F75C: ____strtod_l_internal (in /lib64/
==9069==    by 0x40AD99: luaO_str2d (in /usr/local/bin/lua)
==9069==    by 0x410335: luaV_tonumber (in /usr/local/bin/lua)
==9069==    by 0x40549E: lua_isnumber (in /usr/local/bin/lua)
==9069==    by 0x6178688: test (in /mnt/office/tmueller/work/lua-5.1.5-bug/
==9069==    by 0x40863B: luaD_precall (in /usr/local/bin/lua)
==9069==    by 0x411BA7: luaV_execute (in /usr/local/bin/lua)
==9069==    by 0x408A6C: luaD_call (in /usr/local/bin/lua)
==9069==    by 0x407D06: luaD_rawrunprotected (in /usr/local/bin/lua)
==9069==    by 0x408C01: luaD_pcall (in /usr/local/bin/lua)
==9069==    by 0x40630E: lua_pcall (in /usr/local/bin/lua)
==9069==  Address 0x5d87428 is 24 bytes inside a block of size 29 alloc'd
==9069==    at 0x4C2AF0D: malloc (in /usr/lib64/valgrind/
==9069==    by 0x4C2B097: realloc (in /usr/lib64/valgrind/
==9069==    by 0x40AAAB: luaM_realloc_ (in /usr/local/bin/lua)
==9069==    by 0x40E6A5: luaS_newlstr (in /usr/local/bin/lua)
==9069==    by 0x415C71: luaX_newstring (in /usr/local/bin/lua)
==9069==    by 0x4160B2: llex (in /usr/local/bin/lua)
==9069==    by 0x416988: luaX_next (in /usr/local/bin/lua)
==9069== [..]

More lines and another hit to follow. A cross check with strtod() alone
caused no problem.

Can't reproduce it here on Ubuntu Linux 13.10, x86_64, glibc 2.17, or Ubuntu Linux 12.04, i386, glibc 2.15.

- Timm