Hi, I think there is an uninitialized memory access in LPeg. Please see the following valgrind dump:

==2114== Conditional jump or move depends on uninitialised value(s)
==2114==    at 0x4F208E0: correctkeys (lptree.c:224)
==2114==    by 0x4F211D7: joinktables (lptree.c:268)
==2114==    by 0x4F1F95E: newroot2sib (lptree.c:514)
==2114==    by 0x4F1F133: lp_choice (lptree.c:564)
==2114==    by 0x4F4F114: luaD_precall (ldo.c:438)
==2114==    by 0x4F4F3AE: luaD_call (ldo.c:503)
==2114==    by 0x4F5B4A1: luaT_callTM (ltm.c:114)
==2114==    by 0x4F5B4A1: luaT_callbinTM (ltm.c:130)
==2114==    by 0x4F5B4E8: luaT_trybinTM (ltm.c:137)
==2114==    by 0x4F5FD9B: luaV_execute (lvm.c:897)
==2114==    by 0x4F4F436: luaD_call (ldo.c:504)
==2114==    by 0x4F4F436: luaD_callnoyield (ldo.c:514)
==2114==    by 0x4F4A2B3: lua_callk (lapi.c:924)
==2114==    by 0x4F6D2D4: ll_require (loadlib.c:646)
==2114==    by 0x4F4F114: luaD_precall (ldo.c:438)
==2114==    by 0x4F5DFFB: luaV_execute (lvm.c:1131)
==2114==    by 0x4F4F3BA: luaD_call (ldo.c:504)
==2114==    by 0x4F5B35A: luaT_callTM (ltm.c:114)
==2114==    by 0x4F5D931: luaV_execute (lvm.c:836)
==2114==    by 0x4F4F436: luaD_call (ldo.c:504)
==2114==    by 0x4F4F436: luaD_callnoyield (ldo.c:514)
==2114==    by 0x4F4E5FE: luaD_rawrunprotected (ldo.c:144)
==2114==    by 0x4F4F9BA: luaD_pcall (ldo.c:734)
==2114==    by 0x4F4A395: lua_pcallk (lapi.c:968)
==2114==    by 0x4025E3: docall (lua.c:217)
==2114==    by 0x4025E3: handle_script (lua.c:460)
==2114==    by 0x4025E3: pmain (lua.c:595)
==2114==    by 0x4F4F114: luaD_precall (ldo.c:438)
==2114==    by 0x4F4F42A: luaD_call (ldo.c:503)
==2114==    by 0x4F4F42A: luaD_callnoyield (ldo.c:514)
==2114==    by 0x4F4E5FE: luaD_rawrunprotected (ldo.c:144)
==2114==    by 0x4F4F9BA: luaD_pcall (ldo.c:734)
==2114==    by 0x4F4A395: lua_pcallk (lapi.c:968)
==2114==    by 0x401F6A: main (lua.c:623)
==2114==  Uninitialised value was created by a heap allocation
==2114==    at 0x4A07172: malloc (vg_replace_malloc.c:298)
==2114==    by 0x4A072E6: realloc (vg_replace_malloc.c:784)
==2114==    by 0x4F765CF: allocFunc
==2114==    by 0x4F548D1: luaM_realloc_ (lmem.c:86)
==2114==    by 0x4F509EA: luaC_newobj (lgc.c:210)
==2114==    by 0x4F5A020: luaS_newudata (lstring.c:241)
==2114==    by 0x4F4A88B: lua_newuserdata (lapi.c:1186)
==2114==    by 0x4F1F9E0: newtree (lptree.c:360)
==2114==    by 0x4F2227E: newemptycap (lptree.c:732)
==2114==    by 0x4F21B59: lp_poscapture (lptree.c:798)
==2114==    by 0x4F4F114: luaD_precall (ldo.c:438)
==2114==    by 0x4F5DFFB: luaV_execute (lvm.c:1131)
==2114==    by 0x4F4F436: luaD_call (ldo.c:504)
==2114==    by 0x4F4F436: luaD_callnoyield (ldo.c:514)
==2114==    by 0x4F4A2B3: lua_callk (lapi.c:924)
==2114==    by 0x4F6D2D4: ll_require (loadlib.c:646)
==2114==    by 0x4F4F114: luaD_precall (ldo.c:438)
==2114==    by 0x4F5DFFB: luaV_execute (lvm.c:1131)
==2114==    by 0x4F4F3BA: luaD_call (ldo.c:504)
==2114==    by 0x4F5B35A: luaT_callTM (ltm.c:114)
==2114==    by 0x4F5D931: luaV_execute (lvm.c:836)
==2114==    by 0x4F4F436: luaD_call (ldo.c:504)
==2114==    by 0x4F4F436: luaD_callnoyield (ldo.c:514)
==2114==    by 0x4F4E5FE: luaD_rawrunprotected (ldo.c:144)
==2114==    by 0x4F4F9BA: luaD_pcall (ldo.c:734)
==2114==    by 0x4F4A395: lua_pcallk (lapi.c:968)
==2114==    by 0x4025E3: docall (lua.c:217)
==2114==    by 0x4025E3: handle_script (lua.c:460)
==2114==    by 0x4025E3: pmain (lua.c:595)
==2114==    by 0x4F4F114: luaD_precall (ldo.c:438)
==2114==    by 0x4F4F42A: luaD_call (ldo.c:503)
==2114==    by 0x4F4F42A: luaD_callnoyield (ldo.c:514)
==2114==    by 0x4F4E5FE: luaD_rawrunprotected (ldo.c:144)
==2114==    by 0x4F4F9BA: luaD_pcall (ldo.c:734)
==2114==    by 0x4F4A395: lua_pcallk (lapi.c:968)
==2114==    by 0x401F6A: main (lua.c:623)

The following patch seems to fix it:

--- lpeg-1.0.1/lptree.c 2017-01-14 19:57:16.000000000 +0100 +++ lptree.c 2017-05-05 13:10:18.896650360 +0200
@@ -720,6 +720,7 @@ static TTree *auxemptycap (TTree *tree, int cap) { tree->tag = TCapture; tree->cap = cap; + tree->key = 0; sib1(tree)->tag = TTrue; return tree; } If you need the LPeg code that triggers this, I can try to reduce it. But this will take some time. - Jörg |
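Review bot: the added `tree->key = 0;` in auxemptycap has no comment saying why it is needed, and the reason is not obvious from the three lines around it: the valgrind allocation trace shows the node comes from lua_newuserdata via newtree, i.e. raw realloc memory that is never zeroed, so every field correctkeys later reads must be set explicitly by each constructor. A one-line comment to that effect above the assignment would stop the next refactor from dropping it. Two follow-ups before merging: the trace reaches auxemptycap through newemptycap/lp_poscapture only, so the other callers of newtree that build capture nodes should be checked for the same missing initialization rather than fixing this one path; and the reduced LPeg snippet the reporter offers should be added as a regression test run under valgrind (or MemorySanitizer), since an uninitialised key only shows up as wrong behaviour in joinktables/correctkeys when the heap happens to hold the wrong bytes.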