- Subject: lua_newstate crashes on "setnilvalue(L, registry(L)); ", lua_State L initialized with garbage?
- From: Iaroslav Ianishyn <iaroslav.ianishyn@...>
- Date: Thu, 16 Mar 2017 15:48:21 +0200
Once in a few dozen launches of my app I notice a crash on start, in Lua
initialization.
Keeping in mind that this could be an issue in our code, I looked at the
lua_newstate() implementation anyway.
Here it is with my comments:
LUA_API lua_State *lua_newstate (lua_Alloc f, void *ud) {
  int i;
  lua_State *L;
  global_State *g;
  void *l = (*f)(ud, NULL, 0, state_size(LG)); // realloc allocation (mem filled with garbage)
  if (l == NULL) return NULL;
  L = tostate(l);
  g = &((LG *)L)->g;
  L->next = NULL;
  L->tt = LUA_TTHREAD;
  g->currentwhite = bit2mask(WHITE0BIT, FIXEDBIT);
  L->marked = luaC_white(g);
  set2bits(L->marked, FIXEDBIT, SFIXEDBIT);
  preinit_state(L, g);
  g->frealloc = f;
  g->ud = ud;
  g->mainthread = L;
  g->uvhead.u.l.prev = &g->uvhead;
  g->uvhead.u.l.next = &g->uvhead;
  g->GCthreshold = 0; /* mark it as unfinished state */
  g->strt.size = 0;
  g->strt.nuse = 0;
  g->strt.hash = NULL;
  setnilvalue(L, registry(L)); // crash here
  .....
setnilvalue macro gives something like this:

do {
  TValue *i_o = L->l_G->l_registry; // l_G points just to global_State *g, initialized in preinit_state(L, g),
                                    // and registry is a plain struct member. Valid pointer, but content filled with garbage
  if (i_o >= L->base && i_o < L->top && !stuckref(i_o)) {
    i_o->value.gc->gch.refCount--; // crashed bcs value.gc is garbage. It could pass inside the IF bcs L->base, L->top and
                                   // i_o->tt also are garbage and ____could catch bad luck____.
  }
  i_o->tt = LUA_TNIL;
} while (0)
I'm wondering because, if my reasoning is right, this should be a more frequent and
well-known issue. But searching the web gave no results.
So, the question is: where am I wrong? However, I really can't find
initialization of L->base, L->top and g->l_registry->tt at this stage. (In my
case tt == 7, so it passes the !stuckref(i_o) check.)
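An added illustration of the failure mode the post describes, written for this archive page and not taken from Lua or from the poster: a deliberately simplified model of the refcounted TValue/state layout, a version of the macro's guard that can be evaluated without performing the decrement, a "raw" first-time initialization that writes only the tag, and a diagnostic allocator with the lua_Alloc signature that fills fresh memory with a poison byte so an uninitialized read gives the same result on every run instead of depending on luck. The struct layouts, the stand-in stuckref() (assumed to mean "not a collectable value"), T_COLLECTABLE == 7 and the POISON byte are all assumptions; nothing here reproduces the real Lua definitions.

```c
#include <stdlib.h>
#include <string.h>

/* Simplified, hypothetical model of the refcounted TValue / state layout the
   post describes. These are NOT Lua's real definitions; they only reproduce
   the shape of the guard in the post's setnilvalue() macro. */
enum { T_NIL = 0, T_COLLECTABLE = 7 };

typedef struct GCHeader { int refCount; } GCHeader;
typedef struct TValue   { union { GCHeader *gc; } value; int tt; } TValue;
typedef struct State {
    TValue *base;      /* stack bounds: garbage until the state is initialized */
    TValue *top;
    TValue  registry;  /* plain member living in the same fresh allocation */
} State;

/* Assumed meaning of stuckref(): only collectable values carry a refcount.
   The real stuckref() is not shown in the post; this is a stand-in. */
static int stuckref(const TValue *o) { return o->tt != T_COLLECTABLE; }

/* The guard of the post's setnilvalue(), evaluated WITHOUT the decrement so we
   can ask "would this dereference value.gc?" without touching garbage. */
int setnil_would_touch_gc(const State *L, const TValue *o) {
    return o >= L->base && o < L->top && !stuckref(o);
}

/* Hardened first-time initialization: a slot that has never held a live
   value is written as nil without consulting any refcount bookkeeping. */
void setnil_raw(TValue *o) {
    o->value.gc = NULL;
    o->tt = T_NIL;
}

/* Diagnostic allocator with the lua_Alloc signature (ud, ptr, osize, nsize).
   Instead of handing back whatever realloc() left behind, it fills every
   newly grown byte with a poison pattern, so a read of an uninitialized field
   yields the same value on every run instead of depending on luck. */
#define POISON 0xCC
void *poison_alloc(void *ud, void *ptr, size_t osize, size_t nsize) {
    (void)ud;
    if (nsize == 0) {
        free(ptr);
        return NULL;
    }
    void *p = realloc(ptr, nsize);
    if (p != NULL && nsize > osize)
        memset((char *)p + osize, POISON, nsize - osize);
    return p;
}

/* Mirrors the first line of lua_newstate(): one block from the allocator,
   nothing initialized yet. Every field of the result is poison. */
State *state_from_allocator(void) {
    return (State *)poison_alloc(NULL, NULL, 0, sizeof(State));
}

/* Constructed "bad luck": stack bounds that happen to bracket the registry
   slot and a tag that happens to read as collectable. value.gc stays poison,
   so the real macro would dereference it here. */
void make_unlucky(State *L) {
    L->base = &L->registry;
    L->top  = &L->registry + 1;
    L->registry.tt = T_COLLECTABLE;
}

int main(void) {
    State *L = state_from_allocator();
    if (L == NULL) return 1;
    make_unlucky(L);
    int unsafe = setnil_would_touch_gc(L, &L->registry);  /* 1: would read garbage */
    setnil_raw(&L->registry);                             /* initialize tag first */
    int safe = setnil_would_touch_gc(L, &L->registry);    /* 0: guard now fails */
    poison_alloc(NULL, L, sizeof(State), 0);
    return (unsafe == 1 && safe == 0) ? 0 : 1;
}
```

The point of the poison allocator is reproducibility: with plain realloc() the registry tag reads as 7 only when the heap happens to contain that value, which is why the crash shows up once in a few dozen launches. Passing an allocator that poisons new memory to lua_newstate() makes the state of the guard deterministic, and building the interpreter with Valgrind's memcheck or MemorySanitizer reports the conditional on uninitialized data directly instead of waiting for the dereference to fault.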