lua-users home
lua-l archive


> Hi, I found an interesting SEGV crash in the Lua interpreter.
> 
> Lua 5.4.4, commit hash ad3942adba574c9d008c99ce2785a5af19d146bf
> 
> [...]
> local function v(a, b, c, ...)
>   return os.exit(0, true)
> end
> 
> local function a()
>   return h()
> end
> 
> local e <close> = setmetatable({}, {__close = a})
> 
> v()

Many thanks for the feedback.

The issue here is that, when closing the state, Lua assumes its stack
is going away, so it could close 'e' using all the stack after it.
However, the call to 'v' is still pending, and when the error tries
to create a traceback, the information about the call to 'v' has
been messed up by the closing of 'e'.

The fix seems simple:

--- a/lstate.c
+++ b/lstate.c
@@ -271,6 +271,7 @@ static void close_state (lua_State *L) {
   if (!completestate(g))  /* closing a partially built state? */
     luaC_freeallobjects(L);  /* just collect its objects */
   else {  /* closing a fully built state */
+    L->ci = &L->base_ci;  /* unwind CallInfo list */
     luaD_closeprotected(L, 1, LUA_OK);  /* close all upvalues */
     luaC_freeallobjects(L);  /* collect all objects */
     luai_userstateclose(L);
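
Review bot: the comment on the added 'L->ci = &L->base_ci;' line, '/* unwind CallInfo list */', says what the assignment does but not why it has to come before 'luaD_closeprotected(L, 1, LUA_OK)'. Consider expanding it to say that calls can still be pending when the state is closed, and that the close step reuses the stack those calls occupy, so 'L->ci' must not be left pointing at them. The script from the report would also make a useful regression test to go with this change.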

-- Roberto
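
The failure described above and the effect of the one-line fix, as a toy C model added here (not code from Lua or from this thread). The structures, tags and function names are hypothetical simplifications.

```c
#include <stdio.h>
#include <string.h>

/* Toy model with hypothetical names; these are not Lua's real structures. */
enum { STACK_SIZE = 16, TAG_FUNC = 0xF0, TAG_JUNK = 0 };
typedef struct Call {
  int func;               /* stack slot holding the called function */
  struct Call *previous;  /* caller's record */
} Call;
typedef struct State {
  int stack[STACK_SIZE];
  Call base;              /* record for the base level */
  Call *ci;               /* record of the call currently running */
} State;

/* Closing the state: the handler for the to-be-closed slot runs in the stack
   space right after that slot, assuming nothing above it is still in use. */
static void run_close_handler(State *S, int tbc_slot) {
  for (int i = tbc_slot + 1; i < STACK_SIZE; i++)
    S->stack[i] = TAG_JUNK;  /* handler's temporaries overwrite old frames */
}

/* Traceback: walk the call chain from S->ci and count records whose function
   slot no longer holds a function (real code would misread memory here). */
static int corrupted_frames_in_traceback(const State *S) {
  int bad = 0;
  for (const Call *c = S->ci; c != &S->base; c = c->previous)
    if (S->stack[c->func] != TAG_FUNC) bad++;
  return bad;
}

/* Scenario from the report: the base level holds 'e' in slot 1 and has called
   'v' (function in slot 2), which asks for the state to be closed. */
static int simulate_close(int unwind_first) {
  State S;
  memset(&S, 0, sizeof S);
  S.stack[0] = S.stack[2] = TAG_FUNC;
  Call v = { 2, &S.base };
  S.ci = &v;                          /* the call to 'v' is still pending */
  if (unwind_first) S.ci = &S.base;   /* what the patch does before closing */
  run_close_handler(&S, 1);           /* closes 'e', reusing slots 2 and up */
  return corrupted_frames_in_traceback(&S);  /* handler error: traceback */
}

int main(void) {
  printf("bad frames: %d (no unwind), %d (unwind)\n", simulate_close(0), simulate_close(1));
  return 0;
}
```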