LPeg 1.0.1 uninitialised memory

Richter, Jörg

Hi,

I think there is an uninitialized memory access in LPeg. Please see the following valgrind dump:

==2114== Conditional jump or move depends on uninitialised value(s)
==2114==    at 0x4F208E0: correctkeys (lptree.c:224)
==2114==    by 0x4F211D7: joinktables (lptree.c:268)
==2114==    by 0x4F1F95E: newroot2sib (lptree.c:514)
==2114==    by 0x4F1F133: lp_choice (lptree.c:564)
==2114==    by 0x4F4F114: luaD_precall (ldo.c:438)
==2114==    by 0x4F4F3AE: luaD_call (ldo.c:503)
==2114==    by 0x4F5B4A1: luaT_callTM (ltm.c:114)
==2114==    by 0x4F5B4A1: luaT_callbinTM (ltm.c:130)
==2114==    by 0x4F5B4E8: luaT_trybinTM (ltm.c:137)
==2114==    by 0x4F5FD9B: luaV_execute (lvm.c:897)
==2114==    by 0x4F4F436: luaD_call (ldo.c:504)
==2114==    by 0x4F4F436: luaD_callnoyield (ldo.c:514)
==2114==    by 0x4F4A2B3: lua_callk (lapi.c:924)
==2114==    by 0x4F6D2D4: ll_require (loadlib.c:646)
==2114==    by 0x4F4F114: luaD_precall (ldo.c:438)
==2114==    by 0x4F5DFFB: luaV_execute (lvm.c:1131)
==2114==    by 0x4F4F3BA: luaD_call (ldo.c:504)
==2114==    by 0x4F5B35A: luaT_callTM (ltm.c:114)
==2114==    by 0x4F5D931: luaV_execute (lvm.c:836)
==2114==    by 0x4F4F436: luaD_call (ldo.c:504)
==2114==    by 0x4F4F436: luaD_callnoyield (ldo.c:514)
==2114==    by 0x4F4E5FE: luaD_rawrunprotected (ldo.c:144)
==2114==    by 0x4F4F9BA: luaD_pcall (ldo.c:734)
==2114==    by 0x4F4A395: lua_pcallk (lapi.c:968)
==2114==    by 0x4025E3: docall (lua.c:217)
==2114==    by 0x4025E3: handle_script (lua.c:460)
==2114==    by 0x4025E3: pmain (lua.c:595)
==2114==    by 0x4F4F114: luaD_precall (ldo.c:438)
==2114==    by 0x4F4F42A: luaD_call (ldo.c:503)
==2114==    by 0x4F4F42A: luaD_callnoyield (ldo.c:514)
==2114==    by 0x4F4E5FE: luaD_rawrunprotected (ldo.c:144)
==2114==    by 0x4F4F9BA: luaD_pcall (ldo.c:734)
==2114==    by 0x4F4A395: lua_pcallk (lapi.c:968)
==2114==    by 0x401F6A: main (lua.c:623)
==2114==  Uninitialised value was created by a heap allocation
==2114==    at 0x4A07172: malloc (vg_replace_malloc.c:298)
==2114==    by 0x4A072E6: realloc (vg_replace_malloc.c:784)
==2114==    by 0x4F765CF: allocFunc
==2114==    by 0x4F548D1: luaM_realloc_ (lmem.c:86)
==2114==    by 0x4F509EA: luaC_newobj (lgc.c:210)
==2114==    by 0x4F5A020: luaS_newudata (lstring.c:241)
==2114==    by 0x4F4A88B: lua_newuserdata (lapi.c:1186)
==2114==    by 0x4F1F9E0: newtree (lptree.c:360)
==2114==    by 0x4F2227E: newemptycap (lptree.c:732)
==2114==    by 0x4F21B59: lp_poscapture (lptree.c:798)
==2114==    by 0x4F4F114: luaD_precall (ldo.c:438)
==2114==    by 0x4F5DFFB: luaV_execute (lvm.c:1131)
==2114==    by 0x4F4F436: luaD_call (ldo.c:504)
==2114==    by 0x4F4F436: luaD_callnoyield (ldo.c:514)
==2114==    by 0x4F4A2B3: lua_callk (lapi.c:924)
==2114==    by 0x4F6D2D4: ll_require (loadlib.c:646)
==2114==    by 0x4F4F114: luaD_precall (ldo.c:438)
==2114==    by 0x4F5DFFB: luaV_execute (lvm.c:1131)
==2114==    by 0x4F4F3BA: luaD_call (ldo.c:504)
==2114==    by 0x4F5B35A: luaT_callTM (ltm.c:114)
==2114==    by 0x4F5D931: luaV_execute (lvm.c:836)
==2114==    by 0x4F4F436: luaD_call (ldo.c:504)
==2114==    by 0x4F4F436: luaD_callnoyield (ldo.c:514)
==2114==    by 0x4F4E5FE: luaD_rawrunprotected (ldo.c:144)
==2114==    by 0x4F4F9BA: luaD_pcall (ldo.c:734)
==2114==    by 0x4F4A395: lua_pcallk (lapi.c:968)
==2114==    by 0x4025E3: docall (lua.c:217)
==2114==    by 0x4025E3: handle_script (lua.c:460)
==2114==    by 0x4025E3: pmain (lua.c:595)
==2114==    by 0x4F4F114: luaD_precall (ldo.c:438)
==2114==    by 0x4F4F42A: luaD_call (ldo.c:503)
==2114==    by 0x4F4F42A: luaD_callnoyield (ldo.c:514)
==2114==    by 0x4F4E5FE: luaD_rawrunprotected (ldo.c:144)
==2114==    by 0x4F4F9BA: luaD_pcall (ldo.c:734)
==2114==    by 0x4F4A395: lua_pcallk (lapi.c:968)
==2114==    by 0x401F6A: main (lua.c:623)

The following patch seems to fix it:

--- lpeg-1.0.1/lptree.c     2017-01-14 19:57:16.000000000 +0100

+++ lptree.c        2017-05-05 13:10:18.896650360 +0200

@@ -720,6 +720,7 @@

static TTree *auxemptycap (TTree *tree, int cap) {

   tree->tag = TCapture;

   tree->cap = cap;

+  tree->key = 0;

   sib1(tree)->tag = TTrue;

   return tree;

}
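Review bot: setting `tree->key = 0` only in auxemptycap covers the one constructor the valgrind trace happens to pass through (newtree via newemptycap via lp_poscapture), so any other constructor that builds a node whose `key` is later read by correctkeys through joinktables would still leave the field uninitialised; consider initialising `key` at the allocation site instead (newtree, where the trace says the uninitialised heap memory is created), or audit the remaining constructors for the same gap. The hunk also assumes 0 is the "no key" value that correctkeys treats as absent, which is not visible in these lines; confirm that against correctkeys, and rerun the same script under valgrind on the patched build as the regression check before merging.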

If you need the LPeg code that triggers this, I can try to reduce it. But this will take some time.

- Jörg
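The report above describes the general shape of the defect: a node is allocated on the heap, a constructor fills some of its fields and leaves `key` untouched, and a later pass (correctkeys, reached when two key tables are joined) branches on the stale value. The following is an added example, not LPeg's code and not part of the original post. It models that bug class with a hypothetical `Node` type and a poisoning allocator that overwrites fresh allocations with a fixed byte, which is what valgrind, ASan and `MALLOC_PERTURB_` do for you in practice; poisoning turns an otherwise nondeterministic read into a value a test can assert on. The names (`Node`, `make_node_buggy`, `make_node_fixed`, `poison_alloc`, `correct_keys`, `key_is_uninitialised`) are all invented for the example, and it assumes, as the posted patch's choice of `0` suggests, that `0` means "no key" and is skipped by the key-correction pass.

```c
/* Added example, not LPeg code: a poisoning allocator makes an uninitialised
 * struct field deterministic so the buggy and fixed constructors can be
 * compared in a test. All names below are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>

/* 0x7B is chosen so the 4-byte pattern 0x7B7B7B7B is a positive int and
 * therefore looks like a real key to the correction pass (assumption:
 * key > 0 means "has a key", key == 0 means "no key"). */
#define POISON 0x7B

typedef struct Node {
    uint8_t tag;
    uint8_t cap;
    int key;     /* 0 = no key; > 0 = index into a key table (assumption) */
} Node;

/* malloc that fills the block with POISON, standing in for valgrind/ASan
 * tracking or MALLOC_PERTURB_: stale bytes get a known, visible value. */
static void *poison_alloc(size_t n) {
    void *p = malloc(n);
    if (p) memset(p, POISON, n);
    return p;
}

/* Buggy constructor: sets tag and cap, never touches key (the reported defect). */
Node *make_node_buggy(uint8_t tag, uint8_t cap) {
    Node *t = poison_alloc(sizeof *t);
    if (!t) return NULL;
    t->tag = tag;
    t->cap = cap;
    return t;
}

/* Fixed constructor: every field a later pass reads is initialised. */
Node *make_node_fixed(uint8_t tag, uint8_t cap) {
    Node *t = poison_alloc(sizeof *t);
    if (!t) return NULL;
    t->tag = tag;
    t->cap = cap;
    t->key = 0;
    return t;
}

/* Key-correction pass in the spirit of the one in the trace: when a second
 * key table of n entries is joined in front, shift every real key by n.
 * Returns the node's key afterwards so the effect can be checked. */
int correct_keys(Node *t, int n) {
    if (n == 0) return t->key;          /* nothing to correct */
    if (t->key > 0) t->key += n;        /* only nodes that carry a key */
    return t->key;
}

/* 1 if key still holds the allocator's poison pattern, i.e. was never set. */
int key_is_uninitialised(const Node *t) {
    int poisoned;
    memset(&poisoned, POISON, sizeof poisoned);
    return t->key == poisoned;
}

int main(void) {
    Node *b = make_node_buggy(1, 0);
    Node *f = make_node_fixed(1, 0);
    int b_stale = key_is_uninitialised(b);
    int b_key = correct_keys(b, 5);    /* garbage + 5: a bogus key table index */
    int f_key = correct_keys(f, 5);    /* stays 0: no key to shift */
    printf("buggy: uninitialised=%d key after join=%d\n", b_stale, b_key);
    printf("fixed: key after join=%d\n", f_key);
    free(b);
    free(f);
    return 0;
}
```

Without the poisoning allocator the buggy node's `key` is whatever the previous occupant of that heap block left behind, which is why the report could only show the defect through valgrind; with it, the bogus index the correction pass produces is reproducible, and the fixed constructor is the one whose key stays `0` after the join.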
