Thanks Robert, that makes sense, so the user seems to be calling either io.read(), or :read() on an io object.
So taking that as legitimate, I'm now trying to explain the "garbage pointer 0x2" in fread(). Its signature is:
size_t fread(void *restrict ptr, size_t size, size_t nitems, FILE *restrict stream);
My first thought was maybe it's the FILE that's NULL and something inside it at offset 0x2 is what is being access, but the first field is a pointer, ie 8 bytes, making that unlikely.
So, then maybe it's the destination buffer that's the problem?
read_all() calls luaL_prepbuffer() right before fread(), to prepare the destination buffer, and that calls through to prepbuffsize() which appears to be doing pointer math on a luaL_Buffer struct, specifically foo->b + foo->n, so if b is NULL and n is 2 then we have a plausible path to the 0x2 error.
The question then becomes, how can foo->b be NULL?
Looking at prepbuffsize() I see three paths through the function, and I'm not sure I can rule any of them out as being incapable of producing a NULL.
Either way, I'm still not familiar enough with the Lua code to know how the buffer address could end up being NULL. Any ideas?
