Re: Lua stack clean

Em qua., 24 de fev. de 2021 às 23:17, Ranier Vilela <ranier.vf@gmail.com> escreveu:

Em qua., 24 de fev. de 2021 às 22:54, Sean Conner <sean@conman.org> escreveu:
> I have a bug reading an invalid pointer, in an adjacent library, which I'm
> not sure is caused by Lua gc.

It may be an issue over who owns the memory for the userdata, but without
knowing the exact error, it's hard to say.
Lua owns the pointer.
The code is run many times, then magically the "feeefeeefeeefeee" pointer appears.
I need to make sure that there are no mistakes part of Lua C api.

Regarding the problem, I can already say with certainty that it is the case of:

user-after-free

https://stackoverflow.com/questions/2436020/detecting-use-after-free-on-windows-dangling-pointers

While I am fighting the problem, I have used some tools.
One of them is DrMemory (https://www.drmemory.org/)

With the latest Lua from git,

I have a report with a simple execution of Lua.exe.

msvc 2019 (64 bits) with Debug:

Dr. Memory version 2.3.18665 build 0 built on Feb 13 2021 02:29:43
Windows version: WinVer=105;Rel=2004;Build=19041;Edition=Core
Dr. Memory results for pid 5764: "lua.exe"
Application cmdline: "lua.exe test.lua"
Recorded 124 suppression(s) from default c:\DrMemory\bin64\suppress-default.txt

Error #1: UNINITIALIZED READ: reading register rbx
# 0 ntdll.dll!RtlLookupFunctionEntry +0x33 (0x00007fffcce34163 <ntdll.dll+0x24163>)
# 1 luaM_free_ [C:\dll\lua\lmem.c:135]
# 2 luaM_free_ [C:\dll\lua\lmem.c:135]
# 3 ucrtbased.dll!recalloc +0xa66 (0x00007fff958b6cf7 <ucrtbased.dll+0x56cf7>)
# 4 luaD_rawrunprotected [C:\dll\lua\ldo.c:144]
# 5 l_alloc [C:\dll\lua\lauxlib.c:1001]
# 6 luaM_free_ [C:\dll\lua\lmem.c:135]
# 7 luaD_inctop [C:\dll\lua\ldo.c:275]
# 8 lua_pcallk [C:\dll\lua\lapi.c:1056]
# 9 luaB_pcall [C:\dll\lua\lbaselib.c:456]
#10 luaV_execute [C:\dll\lua\lvm.c:1618]
#11 ccall [C:\dll\lua\ldo.c:563]
#12 luaD_tryfuncTM [C:\dll\lua\ldo.c:581]
#13 lua_callk [C:\dll\lua\lapi.c:1012]
#14 ll_require [C:\dll\lua\loadlib.c:668]
#15 luaV_execute [C:\dll\lua\lvm.c:1618]
#16 ccall [C:\dll\lua\ldo.c:563]
#17 luaD_tryfuncTM [C:\dll\lua\ldo.c:581]
#18 f_call [C:\dll\lua\lapi.c:1030]
#19 luaD_rawrunprotected [C:\dll\lua\ldo.c:144]
Note: @0:00:25.836 in thread 7096
Note: instruction: cmp %rbx %rcx

Error #2: UNINITIALIZED READ: reading register rbx
# 0 ntdll.dll!RtlVirtualUnwind +0x184 (0x00007fffcce324b4 <ntdll.dll+0x224b4>)
# 1 luaM_free_ [C:\dll\lua\lmem.c:135]
# 2 luaM_free_ [C:\dll\lua\lmem.c:135]
# 3 luaM_free_ [C:\dll\lua\lmem.c:135]
# 4 ucrtbased.dll!recalloc +0xa66 (0x00007fff958b6cf7 <ucrtbased.dll+0x56cf7>)
# 5 luaD_rawrunprotected [C:\dll\lua\ldo.c:144]
# 6 l_alloc [C:\dll\lua\lauxlib.c:1001]
# 7 luaM_free_ [C:\dll\lua\lmem.c:135]
# 8 luaD_inctop [C:\dll\lua\ldo.c:275]
# 9 lua_pcallk [C:\dll\lua\lapi.c:1056]
#10 luaB_pcall [C:\dll\lua\lbaselib.c:456]
#11 luaV_execute [C:\dll\lua\lvm.c:1618]
#12 ccall [C:\dll\lua\ldo.c:563]
#13 luaD_tryfuncTM [C:\dll\lua\ldo.c:581]
#14 lua_callk [C:\dll\lua\lapi.c:1012]
#15 ll_require [C:\dll\lua\loadlib.c:668]
#16 luaV_execute [C:\dll\lua\lvm.c:1618]
#17 ccall [C:\dll\lua\ldo.c:563]
#18 luaD_tryfuncTM [C:\dll\lua\ldo.c:581]
#19 f_call [C:\dll\lua\lapi.c:1030]
Note: @0:00:25.836 in thread 7096
Note: instruction: movzx (%rbx) -> %ecx

Error #3: UNINITIALIZED READ: reading register ecx
# 0 ucrtbased.dll!set_errno +0x91 (0x00007fff958cafe1 <ucrtbased.dll+0x6afe1>)
# 1 ucrtbased.dll!seh_filter_exe +0x3c (0x00007fff958cb07d <ucrtbased.dll+0x6b07d>)
# 2 `__scrt_common_main_seh'::`1'::filt$0 [d:\agent\_work\63\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:304]
# 3 ntdll.dll!_chkstk +0x11e (0x00007fffcceb197f <ntdll.dll+0xa197f>)
# 4 ntdll.dll!RtlRaiseException +0x433 (0x00007fffcce5b754 <ntdll.dll+0x4b754>)
# 5 ntdll.dll!KiUserExceptionDispatcher +0x2d (0x00007fffcceb04ae <ntdll.dll+0xa04ae>)
# 6 ucrtbased.dll!recalloc +0xa66 (0x00007fff958b6cf7 <ucrtbased.dll+0x56cf7>)
# 7 luaD_rawrunprotected [C:\dll\lua\ldo.c:144]
# 8 l_alloc [C:\dll\lua\lauxlib.c:1001]
# 9 luaM_free_ [C:\dll\lua\lmem.c:135]
#10 luaD_inctop [C:\dll\lua\ldo.c:275]
#11 lua_pcallk [C:\dll\lua\lapi.c:1056]
#12 luaB_pcall [C:\dll\lua\lbaselib.c:456]
#13 luaV_execute [C:\dll\lua\lvm.c:1618]
#14 ccall [C:\dll\lua\ldo.c:563]
#15 luaD_tryfuncTM [C:\dll\lua\ldo.c:581]
#16 lua_callk [C:\dll\lua\lapi.c:1012]
#17 ll_require [C:\dll\lua\loadlib.c:668]
#18 luaV_execute [C:\dll\lua\lvm.c:1618]
#19 ccall [C:\dll\lua\ldo.c:563]
Note: @0:00:25.856 in thread 7096
Note: instruction: cmp (%rax) %ecx

Error #4: UNINITIALIZED READ: reading register rbx
# 0 ntdll.dll!RtlLookupFunctionEntry +0x17b (0x00007fffcce342ab <ntdll.dll+0x242ab>)
# 1 ntdll.dll!RtlUnwindEx +0x1ee (0x00007fffcce31d3f <ntdll.dll+0x21d3f>)
# 2 luaM_free_ [C:\dll\lua\lmem.c:135]
# 3 luaM_free_ [C:\dll\lua\lmem.c:135]
# 4 luaM_free_ [C:\dll\lua\lmem.c:135]
# 5 ntdll.dll!_chkstk +0x11e (0x00007fffcceb197f <ntdll.dll+0xa197f>)
# 6 ntdll.dll!RtlRaiseException +0x433 (0x00007fffcce5b754 <ntdll.dll+0x4b754>)
# 7 l_alloc [C:\dll\lua\lauxlib.c:1001]
# 8 ntdll.dll!RtlUserThreadStart +0x20 (0x00007fffcce5d241 <ntdll.dll+0x4d241>)
Note: @0:00:27.406 in thread 7096
Note: instruction: cmp %rbx <rel> 0x00007fffccf90428

Error #5: UNINITIALIZED READ: reading register rbx
# 0 ntdll.dll!RtlVirtualUnwind +0x184 (0x00007fffcce324b4 <ntdll.dll+0x224b4>)
# 1 luaM_free_ [C:\dll\lua\lmem.c:135]
# 2 luaM_free_ [C:\dll\lua\lmem.c:135]
# 3 luaM_free_ [C:\dll\lua\lmem.c:135]
# 4 luaM_free_ [C:\dll\lua\lmem.c:135]
# 5 ntdll.dll!_chkstk +0x11e (0x00007fffcceb197f <ntdll.dll+0xa197f>)
# 6 ntdll.dll!RtlRaiseException +0x433 (0x00007fffcce5b754 <ntdll.dll+0x4b754>)
# 7 luaM_free_ [C:\dll\lua\lmem.c:135]
# 8 ntdll.dll!RtlUserThreadStart +0x20 (0x00007fffcce5d241 <ntdll.dll+0x4d241>)
Note: @0:00:27.406 in thread 7096
Note: instruction: movzx (%rbx) -> %ecx

Error #6: UNINITIALIZED READ: reading 0x000000e5d797c0e0-0x000000e5d797c240 352 byte(s) within 0x000000e5d797c040-0x000000e5d797c240
# 0 ntdll.dll!RtlCaptureContext2 +0x2f0 (0x00007fffcceb0b50 <ntdll.dll+0xa0b50>)
# 1 ntdll.dll!RtlUnwindEx +0x565 (0x00007fffcce320b6 <ntdll.dll+0x220b6>)
# 2 ntdll.dll!RtlUserThreadStart +0x20 (0x00007fffcce5d241 <ntdll.dll+0x4d241>)
Note: @0:00:27.446 in thread 7096
Note: instruction: fxrstor 0x00000100(%rcx)

Error #7: UNINITIALIZED READ: reading 0x000000e5d797beaa-0x000000e5d797beb0 6 byte(s) within 0x000000e5d797bea0-0x000000e5d797bec8
# 0 ntdll.dll!RtlCaptureContext2 +0x409 (0x00007fffcceb0c69 <ntdll.dll+0xa0c69>)
# 1 ntdll.dll!RtlUnwindEx +0x565 (0x00007fffcce320b6 <ntdll.dll+0x220b6>)
# 2 ntdll.dll!RtlUserThreadStart +0x20 (0x00007fffcce5d241 <ntdll.dll+0x4d241>)
Note: @0:00:27.446 in thread 7096
Note: instruction: iret %rsp (%rsp) -> %rsp

Error #8: POSSIBLE LEAK 1624 direct bytes 0x000002e234ae07e0-0x000002e234ae0e38 + 14973 indirect bytes
# 0 replace_realloc [d:\a\drmemory\drmemory\common\alloc_replace.c:2672]
# 1 l_alloc [C:\dll\lua\lauxlib.c:1005]
# 2 luaL_newstate [C:\dll\lua\lauxlib.c:1076]
# 3 main [C:\dll\lua\lua.c:645]

===========================================================================
FINAL SUMMARY:

DUPLICATE ERROR COUNTS:
Error # 3: 12
Error # 7: 3

SUPPRESSIONS USED:

ERRORS FOUND:
0 unique, 0 total unaddressable access(es)
7 unique, 20 total uninitialized access(es)
0 unique, 0 total invalid heap argument(s)
0 unique, 0 total GDI usage error(s)
0 unique, 0 total handle leak(s)
0 unique, 0 total warning(s)
0 unique, 0 total, 0 byte(s) of leak(s)
1 unique, 1 total, 16597 byte(s) of possible leak(s)
ERRORS IGNORED:
3621 potential error(s) (suspected false positives)
(details: c:\tmp\DrMemory-lua.exe.5764.000\potential_errors.txt)
14 potential leak(s) (suspected false positives)
(details: c:\tmp\DrMemory-lua.exe.5764.000\potential_errors.txt)
600 unique, 1671 total, 155269 byte(s) of still-reachable allocation(s)
(re-run with "-show_reachable" for details)
Details: c:\tmp\DrMemory-lua.exe.5764.000\results.txt

I am not saying that there is a problem with Lua, it may be a defect in the tool.
Can anyone else confirm?

regards,

Ranier Vilela