- Subject: segmentation fault in luaG_findlocal
- From: Sergey Bronnikov <sergeyb@...>
- Date: Fri, 1 Sep 2023 16:49:41 +0300
Hello, everyone,

On the latest version of the Lua source code (commit hash
9b4f39ab14fb2e55345c3d23537d129dac23b091) I've discovered a segmentation
fault on access to a local variable with a non-existent index.

Assume we have a snippet (lua_getlocal.c) written using the Lua C API:
#include <lua.h>
#include <lualib.h>
#include <lauxlib.h>

int main()
{
    lua_State *L = luaL_newstate();
    if (L == NULL)
        return 0;
    lua_Debug ar;               /* never filled in by lua_getstack or a hook, so ar.i_ci is indeterminate */
    lua_getlocal(L, &ar, 100);  /* index 100: no such local variable */
    lua_close(L);
    return 0;
}
Build (the current directory contains the headers and a Lua library built
from the latest source code version):

clang lua_getlocal.c -o lua_getlocal -I. -L. -llua -fsanitize=address

After running the executable, a segmentation fault is observed:
$ ./lua_getlocal
AddressSanitizer:DEADLYSIGNAL
=================================================================
==228844==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x55555569be06 bp 0x7fffffffd2d0 sp 0x7fffffffd150 T0)
==228844==The signal is caused by a READ memory access.
==228844==Hint: address points to the zero page.
    #0 0x55555569be06 in luaG_findlocal /home/sergeyb/sources/lua-c-api-tests/build/lua-master/source/ldebug.c:197:25
    #1 0x55555569d368 in lua_getlocal /home/sergeyb/sources/lua-c-api-tests/build/lua-master/source/ldebug.c:231:12
    #2 0x55555569a7d2 in main (/home/sergeyb/sources/lua-c-api-tests/build/lua-master/source/lua_getlocal+0x1467d2) (BuildId: f9d8d333aad8548a1f380a281228066c87ad3fa0)
    #3 0x7ffff7c29d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #4 0x7ffff7c29e3f in __libc_start_main csu/../csu/libc-start.c:392:3
    #5 0x5555555c23b4 in _start (/home/sergeyb/sources/lua-c-api-tests/build/lua-master/source/lua_getlocal+0x6e3b4) (BuildId: f9d8d333aad8548a1f380a281228066c87ad3fa0)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/sergeyb/sources/lua-c-api-tests/build/lua-master/source/ldebug.c:197:25 in luaG_findlocal
==228844==ABORTING
I suppose a check for ci is required; with the patch below the segfault is gone:
--- a/ldebug.c
+++ b/ldebug.c
@@ -194,6 +194,8 @@ static const char *findvararg (CallInfo *ci, int n,
StkId *pos) {
const char *luaG_findlocal (lua_State *L, CallInfo *ci, int n, StkId
*pos) {
+ if (ci == NULL)
+ return NULL;
StkId base = ci->func.p + 1;
const char *name = NULL;
if (isLua(ci)) {
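Review bot: the `if (ci == NULL) return NULL;` guard at the top of luaG_findlocal only covers the case where the caller's `ar->i_ci` happens to be zero; the reproducer above passes an uninitialized `lua_Debug`, so `i_ci` is indeterminate, and a non-zero garbage value would still be dereferenced at `StkId base = ci->func.p + 1;`. The ASan report pointing at the zero page is one possible outcome of that, not the only one. The commit message should say that the check is defensive against a NULL record only and that `ar` is still required to come from `lua_getstack` or a hook; alternatively the check belongs at the `lua_getlocal` boundary (ldebug.c:231 in the trace), where the public API contract is enforced. Also, the hunk header (`@@ -194,6 +194,8 @@ ... findvararg (...` / `StkId *pos) {`) and the `luaG_findlocal` signature line are each wrapped across two lines in the mail, so the patch as posted will not apply with `patch` or `git apply`; resend it as an attachment or with line wrapping disabled.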
Sergey