> We have observed a crash while using Lua. I haven't determined the cause yet. I'm just wondering whether it could be a bug in Lua itself. I'm attaching the trace dump.
> 
> The crash occurred because an array that is Null is accessed. In method 'traversetable', line number 181 (markvalue(g, &h->array[i]);) results in the SIGSEGV because h->array is Null.
> 
> (gdb) print L->l_G->gray->th.l_gt.value.gc.h
> $93 = {next = 0x2d8f2e0, tt = 5 '\005', marked = 4 '\004', flags = 0 '\000', lsizenode = 6 '\006', metatable = 0x0, array = 0x0, node = 0x2d92710, lastfree = 0x2d92c88,
>   gclist = 0x2d8f2e0, sizearray = 4332}
> 
> (gdb) print *L->l_G->gray->th.l_gt.value.gc.h.metatable
> Cannot access memory at address 0x0
> (gdb) print *L->l_G->gray->th.l_gt.value.gc.h.array
> A syntax error in expression, near `array'.
> 
> Have you observed something like this before? Or is it a problem with our code? Please let me know if you need more information.

Although 'array' is NULL, sizearray is 4332.

The field 'array' is assigned only in the source file ltable.c, in three
places: luaH_new, setarrayvector, and resize. In all three, 'sizearray'
is set accordingly. In luaH_new and setarrayvector, there is no way to
set one without the other. In setarrayvector, a bug might interrupt
Lua between setting 'sizearray' and then setting 'array', but it is
shrinking the array, so sizearray would be smaller than the real size,
not larger (NULL means an array with size==0).

Another option would be that the table itself has been collected (maybe
a bug in the garbage collector?), so it may contain any kind of garbage.
However, other fields between them, such as 'node' and 'lastfree', seem
to have reasonable values...

I would suggest a memory-checking tool (e.g., purify or valgrind)
first. Among other things, it would quickly tell whether the program is
accessing deallocated memory.

-- Roberto