luaL_register crashed on iOS

[曹煦 <cao.xu@...>]

Hi

We’ve encountered a wired bug when using lua 5.1.4 on iOS. The luaL_register will crash when the number of registered libs is bigger than a threshold, 43 for my test. The following code snippet can reproduce the problem :

int luaopen_cameralibs(lua_State *lua) {

    luaL_register(lua, "camera", camera_libs);

    

    luaL_register(lua, "camera1", camera_libs);

    luaL_register(lua, "camera2", camera_libs);

    luaL_register(lua, "camera3", camera_libs);

    luaL_register(lua, "camera4", camera_libs);

    luaL_register(lua, "camera5", camera_libs);

    luaL_register(lua, "camera6", camera_libs);

    

    luaL_register(lua, "camera7", camera_libs);

    luaL_register(lua, "camera8", camera_libs);

    luaL_register(lua, "camera9", camera_libs);

    luaL_register(lua, "camera10", camera_libs);

    luaL_register(lua, "camera11", camera_libs);

    luaL_register(lua, "camera12", camera_libs);

    luaL_register(lua, "camera13", camera_libs);

    luaL_register(lua, "camera14", camera_libs);

    luaL_register(lua, "camera15", camera_libs);

    luaL_register(lua, "cameraa", camera_libs);

    luaL_register(lua, "camerab", camera_libs);

    luaL_register(lua, "camerac", camera_libs);

    luaL_register(lua, "camerad", camera_libs);

    luaL_register(lua, "camerae", camera_libs);

    luaL_register(lua, "cameraf", camera_libs);

    luaL_register(lua, "camerag", camera_libs);

    luaL_register(lua, "camerah", camera_libs);

    luaL_register(lua, "camerai", camera_libs);

    The stack was

luaT_gettmbyobj

call_binTM

luaV_concat

luaO_pushvfstring

luaG_runerror

luaH_set

resize

    rehash

newkey

luaH_set

luaV_settable

lua_settable

luaL_findtable

luaI_openlib

    

The error happened when ttisnil(key) = true during resize()

TValue *luaH_set (lua_State *L, Table *t, const TValue *key) {

  const TValue *p = luaH_get(t, key);

  t->flags = 0;

  if (p != luaO_nilobject)

    return cast(TValue *, p);

  else {

    if (ttisnil(key)) luaG_runerror(L, "table index is nil");

    else if (ttisnumber(key) && luai_numisnan(nvalue(key)))

      luaG_runerror(L, "table index is NaN");

    return newkey(L, t, key);

  }

}

and the app finally crashed at

const TValue *luaT_gettmbyobj (lua_State *L, const TValue *o, TMS event) {

  Table *mt;

  switch (ttype(o)) {

    case LUA_TTABLE:

      mt = hvalue(o)->metatable;

      break;

    case LUA_TUSERDATA:

      mt = uvalue(o)->metatable;

      break;

    default:

      mt = G(L)->mt[ttype(o)];

  }

  return (mt ? luaH_getstr(mt, G(L)->tmname[event]) : luaO_nilobject);

}

 

 with error EXC_BAD_ACCESS.  However, the code works when built with armv7(32bits).

Did anyone encounter the error before or have some hints to fix it?

Appreciate your help.

B.R.

Xu Cao