lua-l archive



With this grand opening title, I would like to attract attention to the following problem in mime.c.

Function luaopen_mime_core, which is called when the mime module is required, calls function b64setup, which initialises a static (global) array b64unbase. It does this as follows:

static void b64setup(UC *unbase)
{
    int i;
    for (i = 0; i <= 255; i++) unbase[i] = (UC) 255;
    for (i = 0; i < 64; i++) unbase[b64base[i]] = (UC) i;
    unbase['='] = 0;
}

Observe that the first loop fills the entire array with byte value 255, then certain elements within the array are overwritten with some other values. Those other values are expected in mime.unb64.

In an application that hosts multiple Lua states this function will be called multiple times if code in multiple states requires mime. If the states run in concurrent threads, these calls may execute concurrently, too, and then can also run concurrently with the code that calls mime.unb64, which may see the incorrect byte value 255 set up by the first loop. There is no simple way to reproduce this except by using a debugger to freeze and thaw threads in the right places.

There are multiple ways to fix that, but perhaps it is best to initialise those arrays statically, because running the init code multiple times does not make much sense.

Cheers,
V.
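
The static initialisation suggested in the message above, as an added example that is not part of the original post or of the project's code. The names b64unbase_plus1, b64_lookup and b64_table_mismatches are hypothetical, and b64base is assumed to be the standard base64 alphabet.

```c
#include <stdio.h>

typedef unsigned char UC;

/* Assumption: b64base in mime.c is the standard base64 alphabet. */
static const char b64base[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* Hypothetical replacement table. Each entry holds (sextet + 1); entries not
   listed default to 0, meaning "not a base64 character". The table is const
   and filled in at compile time, so no thread ever writes to it. */
static const UC b64unbase_plus1[256] = {
    ['A']=1,  ['B']=2,  ['C']=3,  ['D']=4,  ['E']=5,  ['F']=6,  ['G']=7,  ['H']=8,
    ['I']=9,  ['J']=10, ['K']=11, ['L']=12, ['M']=13, ['N']=14, ['O']=15, ['P']=16,
    ['Q']=17, ['R']=18, ['S']=19, ['T']=20, ['U']=21, ['V']=22, ['W']=23, ['X']=24,
    ['Y']=25, ['Z']=26, ['a']=27, ['b']=28, ['c']=29, ['d']=30, ['e']=31, ['f']=32,
    ['g']=33, ['h']=34, ['i']=35, ['j']=36, ['k']=37, ['l']=38, ['m']=39, ['n']=40,
    ['o']=41, ['p']=42, ['q']=43, ['r']=44, ['s']=45, ['t']=46, ['u']=47, ['v']=48,
    ['w']=49, ['x']=50, ['y']=51, ['z']=52, ['0']=53, ['1']=54, ['2']=55, ['3']=56,
    ['4']=57, ['5']=58, ['6']=59, ['7']=60, ['8']=61, ['9']=62, ['+']=63, ['/']=64,
    ['=']=1
};

/* Same contract as the table b64setup builds: 0..63 for alphabet characters,
   0 for '=', and 255 for every other byte (0 - 1 wraps to 255 in a UC). */
static UC b64_lookup(UC c)
{
    return (UC) (b64unbase_plus1[c] - 1);
}

/* Build a private reference table with the loops from the post and count
   how many of the 256 entries differ from the static table. */
static int b64_table_mismatches(void)
{
    UC ref[256];
    int i, bad = 0;
    for (i = 0; i <= 255; i++) ref[i] = (UC) 255;
    for (i = 0; i < 64; i++) ref[(UC) b64base[i]] = (UC) i;
    ref['='] = 0;
    for (i = 0; i <= 255; i++)
        if (b64_lookup((UC) i) != ref[i]) bad++;
    return bad;
}

int main(void)
{
    printf("mismatches against b64setup output: %d\n", b64_table_mismatches());
    return 0;
}
```

The array initialiser uses C99 designated initialisers, so it needs a C99 or later compiler and is not valid C++.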