Re: Invalid memory access with Lua 5.1 lua

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: Invalid memory access with Lua 5.1 lua_isnumber()
From: Philipp Janda <siffiejoe@...>
Date: Wed, 05 Mar 2014 14:23:13 +0100

Am 05.03.2014 12:12 schröbte Timm S. Mueller:

Hi,

Hi!


I think I have stumbled across a problem in lua_isnumber(). Lua 5.1.5
is affected, Lua 5.2.2 is not. The following is on Linux x86_64:

#include "lauxlib.h"
static int test(lua_State *L) {
  lua_isnumber(L, 1);
  return 0;
}
static const luaL_Reg test_funcs[] =
{ { "test", test }, { NULL, NULL } };
int luaopen_test(lua_State *L) {
  luaL_register(L, "test", test_funcs);
  return 1;
}

$ gcc test.c -fPIC -shared -llua -o test.so

On Linux you probably don't need the `-llua` unless you changed thedefault linker flags (it doesn't seem to make a difference concerningthis issue, though).

$ valgrind /usr/local/bin/lua -e 'require"test".test("helo")' # => OK
$ valgrind /usr/local/bin/lua -e 'require"test".test("none")' # =>
==9069== Memcheck, a memory error detector
==9069== [..]
==9069== Invalid read of size 8
==9069==    at 0x5A5CE0F: __GI___strncasecmp_l (in /lib64/libc-2.15.so)
==9069==    by 0x5A0F75C: ____strtod_l_internal (in /lib64/libc-2.15.so)
==9069==    by 0x40AD99: luaO_str2d (in /usr/local/bin/lua)
==9069==    by 0x410335: luaV_tonumber (in /usr/local/bin/lua)
==9069==    by 0x40549E: lua_isnumber (in /usr/local/bin/lua)
==9069==    by 0x6178688: test (in /mnt/office/tmueller/work/lua-5.1.5-bug/test.so)
==9069==    by 0x40863B: luaD_precall (in /usr/local/bin/lua)
==9069==    by 0x411BA7: luaV_execute (in /usr/local/bin/lua)
==9069==    by 0x408A6C: luaD_call (in /usr/local/bin/lua)
==9069==    by 0x407D06: luaD_rawrunprotected (in /usr/local/bin/lua)
==9069==    by 0x408C01: luaD_pcall (in /usr/local/bin/lua)
==9069==    by 0x40630E: lua_pcall (in /usr/local/bin/lua)
==9069==  Address 0x5d87428 is 24 bytes inside a block of size 29 alloc'd
==9069==    at 0x4C2AF0D: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==9069==    by 0x4C2B097: realloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==9069==    by 0x40AAAB: luaM_realloc_ (in /usr/local/bin/lua)
==9069==    by 0x40E6A5: luaS_newlstr (in /usr/local/bin/lua)
==9069==    by 0x415C71: luaX_newstring (in /usr/local/bin/lua)
==9069==    by 0x4160B2: llex (in /usr/local/bin/lua)
==9069==    by 0x416988: luaX_next (in /usr/local/bin/lua)
==9069== [..]

More lines and another hit to follow. A cross check with strtod() alone
caused no problem.

Can't reproduce it here on Ubuntu Linux 13.10, x86_64, glibc 2.17, orUbuntu Linux 12.04, i386, glibc 2.15.


- Timm


Philipp

Follow-Ups:
- Re: Invalid memory access with Lua 5.1 lua_isnumber(), Timm S. Mueller

References:
- Invalid memory access with Lua 5.1 lua_isnumber(), Timm S. Mueller

Prev by Date: Re: Lua Suggestion: return nil in string.find/match() for indexes that are before the string
Next by Date: Re: Lua Suggestion: return nil in string.find/match() for indexes that are before the string
Previous by thread: Invalid memory access with Lua 5.1 lua_isnumber()
Next by thread: Re: Invalid memory access with Lua 5.1 lua_isnumber()
Index(es):
- Date
- Thread