On Wed, Feb 24, 2021 at 22:54, Sean Conner <sean@conman.org> wrote:
> > I have a bug reading an invalid pointer, in an adjacent library, which I'm
> > not sure is caused by Lua gc.
> It may be an issue over who owns the memory for the userdata, but without
> knowing the exact error, it's hard to say.
Lua owns the pointer.
The code is run many times, then magically the "feeefeeefeeefeee" pointer appears.
I need to make sure that there are no mistakes on my part with the Lua C API.
Regarding the problem, I can already say with certainty that it is a case of use-after-free.
With the latest Lua from git, I have a report from a simple run of Lua.exe,
built with MSVC 2019 (64-bit) in Debug:
Dr. Memory version 2.3.18665 build 0 built on Feb 13 2021 02:29:43
Windows version: WinVer=105;Rel=2004;Build=19041;Edition=Core
Dr. Memory results for pid 5764: "lua.exe"
Application cmdline: "lua.exe test.lua"
Recorded 124 suppression(s) from default c:\DrMemory\bin64\suppress-default.txt
Error #1: UNINITIALIZED READ: reading register rbx
# 0 ntdll.dll!RtlLookupFunctionEntry +0x33 (0x00007fffcce34163 <ntdll.dll+0x24163>)
# 1 luaM_free_ [C:\dll\lua\lmem.c:135]
# 2 luaM_free_ [C:\dll\lua\lmem.c:135]
# 3 ucrtbased.dll!recalloc +0xa66 (0x00007fff958b6cf7 <ucrtbased.dll+0x56cf7>)
# 4 luaD_rawrunprotected [C:\dll\lua\ldo.c:144]
# 5 l_alloc [C:\dll\lua\lauxlib.c:1001]
# 6 luaM_free_ [C:\dll\lua\lmem.c:135]
# 7 luaD_inctop [C:\dll\lua\ldo.c:275]
# 8 lua_pcallk [C:\dll\lua\lapi.c:1056]
# 9 luaB_pcall [C:\dll\lua\lbaselib.c:456]
#10 luaV_execute [C:\dll\lua\lvm.c:1618]
#11 ccall [C:\dll\lua\ldo.c:563]
#12 luaD_tryfuncTM [C:\dll\lua\ldo.c:581]
#13 lua_callk [C:\dll\lua\lapi.c:1012]
#14 ll_require [C:\dll\lua\loadlib.c:668]
#15 luaV_execute [C:\dll\lua\lvm.c:1618]
#16 ccall [C:\dll\lua\ldo.c:563]
#17 luaD_tryfuncTM [C:\dll\lua\ldo.c:581]
#18 f_call [C:\dll\lua\lapi.c:1030]
#19 luaD_rawrunprotected [C:\dll\lua\ldo.c:144]
Note: @0:00:25.836 in thread 7096
Note: instruction: cmp %rbx %rcx
Error #2: UNINITIALIZED READ: reading register rbx
# 0 ntdll.dll!RtlVirtualUnwind +0x184 (0x00007fffcce324b4 <ntdll.dll+0x224b4>)
# 1 luaM_free_ [C:\dll\lua\lmem.c:135]
# 2 luaM_free_ [C:\dll\lua\lmem.c:135]
# 3 luaM_free_ [C:\dll\lua\lmem.c:135]
# 4 ucrtbased.dll!recalloc +0xa66 (0x00007fff958b6cf7 <ucrtbased.dll+0x56cf7>)
# 5 luaD_rawrunprotected [C:\dll\lua\ldo.c:144]
# 6 l_alloc [C:\dll\lua\lauxlib.c:1001]
# 7 luaM_free_ [C:\dll\lua\lmem.c:135]
# 8 luaD_inctop [C:\dll\lua\ldo.c:275]
# 9 lua_pcallk [C:\dll\lua\lapi.c:1056]
#10 luaB_pcall [C:\dll\lua\lbaselib.c:456]
#11 luaV_execute [C:\dll\lua\lvm.c:1618]
#12 ccall [C:\dll\lua\ldo.c:563]
#13 luaD_tryfuncTM [C:\dll\lua\ldo.c:581]
#14 lua_callk [C:\dll\lua\lapi.c:1012]
#15 ll_require [C:\dll\lua\loadlib.c:668]
#16 luaV_execute [C:\dll\lua\lvm.c:1618]
#17 ccall [C:\dll\lua\ldo.c:563]
#18 luaD_tryfuncTM [C:\dll\lua\ldo.c:581]
#19 f_call [C:\dll\lua\lapi.c:1030]
Note: @0:00:25.836 in thread 7096
Note: instruction: movzx (%rbx) -> %ecx
Error #3: UNINITIALIZED READ: reading register ecx
# 0 ucrtbased.dll!set_errno +0x91 (0x00007fff958cafe1 <ucrtbased.dll+0x6afe1>)
# 1 ucrtbased.dll!seh_filter_exe +0x3c (0x00007fff958cb07d <ucrtbased.dll+0x6b07d>)
# 2 `__scrt_common_main_seh'::`1'::filt$0 [d:\agent\_work\63\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:304]
# 3 ntdll.dll!_chkstk +0x11e (0x00007fffcceb197f <ntdll.dll+0xa197f>)
# 4 ntdll.dll!RtlRaiseException +0x433 (0x00007fffcce5b754 <ntdll.dll+0x4b754>)
# 5 ntdll.dll!KiUserExceptionDispatcher +0x2d (0x00007fffcceb04ae <ntdll.dll+0xa04ae>)
# 6 ucrtbased.dll!recalloc +0xa66 (0x00007fff958b6cf7 <ucrtbased.dll+0x56cf7>)
# 7 luaD_rawrunprotected [C:\dll\lua\ldo.c:144]
# 8 l_alloc [C:\dll\lua\lauxlib.c:1001]
# 9 luaM_free_ [C:\dll\lua\lmem.c:135]
#10 luaD_inctop [C:\dll\lua\ldo.c:275]
#11 lua_pcallk [C:\dll\lua\lapi.c:1056]
#12 luaB_pcall [C:\dll\lua\lbaselib.c:456]
#13 luaV_execute [C:\dll\lua\lvm.c:1618]
#14 ccall [C:\dll\lua\ldo.c:563]
#15 luaD_tryfuncTM [C:\dll\lua\ldo.c:581]
#16 lua_callk [C:\dll\lua\lapi.c:1012]
#17 ll_require [C:\dll\lua\loadlib.c:668]
#18 luaV_execute [C:\dll\lua\lvm.c:1618]
#19 ccall [C:\dll\lua\ldo.c:563]
Note: @0:00:25.856 in thread 7096
Note: instruction: cmp (%rax) %ecx
Error #4: UNINITIALIZED READ: reading register rbx
# 0 ntdll.dll!RtlLookupFunctionEntry +0x17b (0x00007fffcce342ab <ntdll.dll+0x242ab>)
# 1 ntdll.dll!RtlUnwindEx +0x1ee (0x00007fffcce31d3f <ntdll.dll+0x21d3f>)
# 2 luaM_free_ [C:\dll\lua\lmem.c:135]
# 3 luaM_free_ [C:\dll\lua\lmem.c:135]
# 4 luaM_free_ [C:\dll\lua\lmem.c:135]
# 5 ntdll.dll!_chkstk +0x11e (0x00007fffcceb197f <ntdll.dll+0xa197f>)
# 6 ntdll.dll!RtlRaiseException +0x433 (0x00007fffcce5b754 <ntdll.dll+0x4b754>)
# 7 l_alloc [C:\dll\lua\lauxlib.c:1001]
# 8 ntdll.dll!RtlUserThreadStart +0x20 (0x00007fffcce5d241 <ntdll.dll+0x4d241>)
Note: @0:00:27.406 in thread 7096
Note: instruction: cmp %rbx <rel> 0x00007fffccf90428
Error #5: UNINITIALIZED READ: reading register rbx
# 0 ntdll.dll!RtlVirtualUnwind +0x184 (0x00007fffcce324b4 <ntdll.dll+0x224b4>)
# 1 luaM_free_ [C:\dll\lua\lmem.c:135]
# 2 luaM_free_ [C:\dll\lua\lmem.c:135]
# 3 luaM_free_ [C:\dll\lua\lmem.c:135]
# 4 luaM_free_ [C:\dll\lua\lmem.c:135]
# 5 ntdll.dll!_chkstk +0x11e (0x00007fffcceb197f <ntdll.dll+0xa197f>)
# 6 ntdll.dll!RtlRaiseException +0x433 (0x00007fffcce5b754 <ntdll.dll+0x4b754>)
# 7 luaM_free_ [C:\dll\lua\lmem.c:135]
# 8 ntdll.dll!RtlUserThreadStart +0x20 (0x00007fffcce5d241 <ntdll.dll+0x4d241>)
Note: @0:00:27.406 in thread 7096
Note: instruction: movzx (%rbx) -> %ecx
Error #6: UNINITIALIZED READ: reading 0x000000e5d797c0e0-0x000000e5d797c240 352 byte(s) within 0x000000e5d797c040-0x000000e5d797c240
# 0 ntdll.dll!RtlCaptureContext2 +0x2f0 (0x00007fffcceb0b50 <ntdll.dll+0xa0b50>)
# 1 ntdll.dll!RtlUnwindEx +0x565 (0x00007fffcce320b6 <ntdll.dll+0x220b6>)
# 2 ntdll.dll!RtlUserThreadStart +0x20 (0x00007fffcce5d241 <ntdll.dll+0x4d241>)
Note: @0:00:27.446 in thread 7096
Note: instruction: fxrstor 0x00000100(%rcx)
Error #7: UNINITIALIZED READ: reading 0x000000e5d797beaa-0x000000e5d797beb0 6 byte(s) within 0x000000e5d797bea0-0x000000e5d797bec8
# 0 ntdll.dll!RtlCaptureContext2 +0x409 (0x00007fffcceb0c69 <ntdll.dll+0xa0c69>)
# 1 ntdll.dll!RtlUnwindEx +0x565 (0x00007fffcce320b6 <ntdll.dll+0x220b6>)
# 2 ntdll.dll!RtlUserThreadStart +0x20 (0x00007fffcce5d241 <ntdll.dll+0x4d241>)
Note: @0:00:27.446 in thread 7096
Note: instruction: iret %rsp (%rsp) -> %rsp
Error #8: POSSIBLE LEAK 1624 direct bytes 0x000002e234ae07e0-0x000002e234ae0e38 + 14973 indirect bytes
# 0 replace_realloc [d:\a\drmemory\drmemory\common\alloc_replace.c:2672]
# 1 l_alloc [C:\dll\lua\lauxlib.c:1005]
# 2 luaL_newstate [C:\dll\lua\lauxlib.c:1076]
# 3 main [C:\dll\lua\lua.c:645]
===========================================================================
FINAL SUMMARY:
DUPLICATE ERROR COUNTS:
Error # 3: 12
Error # 7: 3
SUPPRESSIONS USED:
ERRORS FOUND:
0 unique, 0 total unaddressable access(es)
7 unique, 20 total uninitialized access(es)
0 unique, 0 total invalid heap argument(s)
0 unique, 0 total GDI usage error(s)
0 unique, 0 total handle leak(s)
0 unique, 0 total warning(s)
0 unique, 0 total, 0 byte(s) of leak(s)
1 unique, 1 total, 16597 byte(s) of possible leak(s)
ERRORS IGNORED:
3621 potential error(s) (suspected false positives)
(details: c:\tmp\DrMemory-lua.exe.5764.000\potential_errors.txt)
14 potential leak(s) (suspected false positives)
(details: c:\tmp\DrMemory-lua.exe.5764.000\potential_errors.txt)
600 unique, 1671 total, 155269 byte(s) of still-reachable allocation(s)
(re-run with "-show_reachable" for details)
Details: c:\tmp\DrMemory-lua.exe.5764.000\results.txt
I am not saying that there is a problem with Lua, it may be a defect in the tool.
Can anyone else confirm?