Shnoutz

Lua heap corruption

Shnoutz    356
I am building a tool that relies heavily on lua.

I am starting to push the limits of my app and I am starting to see issues with lua.

I was able to extract an example of the problem I am having.

I am trying to create a hierarchy of Lua tables, a bit like this:

[code]
{
    asdf =
    {
        asdf =
        {
            asdf =
            {
                ... many many times.
            }
        }
    }
}
[/code]

I made a small c function to build the hierarchy...


[code]
void makeManyTables(lua_State * const p_state, size_t const p_num)
{
    for(size_t i = 0; i < p_num; ++i)
        lua_newtable(p_state);

    for(size_t i = 0; i < p_num; ++i)
        lua_setfield(p_state, -2, "asdf");
}
[/code]

... and I can test it like this :

[code]

lua_newtable(state);
makeManyTables(state, 50);
[/code]


It works when the "p_num" value is relatively small (30)... But it crashes violently when I raise the bar to 50.

50 levels of tables seems a bit low...

This is the error I get when I try to run this code with 50 levels.

[code]

HEAP[Test.exe]: Invalid address specified to RtlValidateHeap( 00230000, 002374C0 )
Windows has triggered a breakpoint in Test.exe.
This may be due to a corruption of the heap, which indicates a bug in Test.exe or any of the DLLs it has loaded.
[/code]

I saw some posts about heap corruption if Lua is linked as a DLL; this is not my case, I have a single executable and all the files needed are included in this single project.

Have you ever seen this issue before?

Thanks,

Gab.

Shnoutz    356
Hmm... I tweaked my example... it seems you don't even need to create a hierarchy...

[code]
lua_State * state = luaL_newstate();
for(size_t i = 0; i < 50; ++i)
    lua_newtable(state);
lua_close(state);
[/code]

... is enough to corrupt the heap

dmail    116
You do realise all those tables are still on the stack?
What happens if you call lua_checkstack with 50?
Which version of Lua are you using, and have you modified LUAI_MAXCSTACK in luaconf.h or is it 8000 (5.1.4)?


http://www.lua.org/manual/5.1/manual.html#lua_checkstack

Shnoutz    356
I am aware that the 50 tables are on the Lua stack. I don't think that my program is stacking that many values but I get the same kind of error.
I am using Lua version 5.1.4.

I have not modified the luaconf.h file so I should be able to stack up to 8000 values.

lua_checkstack(state, 50) returns 1

I wanted to make sure I was not linking more than one version of lua so I crafted a stand-alone application.

Can anyone try this (Visual Studio 2008 or 2010) and tell me if they have the same issue?

[code]
extern "C"
{
#include "lua-5.1.4/src/lua.h"
#include "lua-5.1.4/src/lauxlib.h"
}

int main()
{
    lua_State * state = luaL_newstate();

    for(size_t i = 0; i < 50; ++i)
        lua_newtable(state);

    lua_close(state);
    return 0;
}
[/code]

I simply include all c/h files from the standard distribution (minus lua.c, luac.c and print.c).

Nanoha    2682
Tried that snippet, it doesn't crash right off but it triggers a breakpoint when it tries to close the state.

Invalid address specified to RtlValidateHeap( 02B40000, 0306B6E8 )

This was with lua 5.1.4

Shnoutz    356
[quote name='Nanoha' timestamp='1307738326' post='4821848']
Tried that snippet, it doesn't crash right off but it triggers a breakpoint when it tries to close the state.

Invalid address specified to RtlValidateHeap( 02B40000, 0306B6E8 )

This was with lua 5.1.4
[/quote]


That's the issue I have.

I "fixed" the problem by calling "lua_checkstack(state, 1)" for EACH value I push on the stack.

[code]
lua_State * state = luaL_newstate();
for(size_t i = 0; i < 50; ++i)
{
    lua_checkstack(state, 1);
    lua_newtable(state);
}
lua_close(state);
[/code]

... It feels wrong.

dmail    116
I am not currently on Windows so I would ask that you please post this problem to the Lua mailing list [1] where the authors and others will see it and be able to respond. I personally do not understand why checking for 50 stack entries would return true then fail, whilst checking for a single empty stack space at every iteration would succeed.

[1] [url="http://www.lua.org/lua-l.html"]http://www.lua.org/lua-l.html[/url] - requires sign up.

dmail    116
Just a quick update. Your "fix" is not required if you know beforehand how many elements you need on the stack and request them all at once. If you need this "fix" to stop crashing whilst knowing the amount of stack entries, then that is a bug which no one else has been able to replicate.

[code]
#include "lua.h"
#include "lauxlib.h"
#include "lualib.h"
#include <stdio.h>

int main()
{
    lua_State* L = luaL_newstate();
    int res = lua_checkstack(L, 50);
    printf("lua_checkstack with a parameter of 50 returned %d\n", res);
    if( res )
    {
        for(int i = 0; i < 50; ++i) lua_newtable(L);
    }
    lua_close(L);
    return 0;
}
[/code]

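An added example, not code from the thread or from Lua itself: a simplified C model of why 30 unchecked pushes fit while 50 run past the stack's heap block, and why reserving slots once or before every push both stay in bounds. The 45-slot initial allocation (BASIC_STACK_SIZE + EXTRA_STACK in Lua 5.1's lstate.h) and every model_* name are assumptions of this sketch; the out-of-bounds write is counted, not performed.

```c
#include <stdlib.h>

/* Simplified model of a Lua 5.1 value stack; assumed sizes, not Lua's own code. */
enum { MODEL_INITIAL_SLOTS = 45, MODEL_MAX_SLOTS = 8000 };

typedef struct {
    int *slots;    /* heap block standing in for the TValue array */
    size_t size;   /* allocated slots */
    size_t top;    /* next free slot */
    size_t oob;    /* pushes that would have written past the block */
} ModelStack;

static int model_open(ModelStack *s) {
    s->slots = malloc(MODEL_INITIAL_SLOTS * sizeof *s->slots);
    s->size = MODEL_INITIAL_SLOTS;
    s->top = 1;    /* slot 0 holds the base call's function entry */
    s->oob = 0;
    return s->slots != NULL;
}

/* Like lua_checkstack: make room for n more values; 1 on success, 0 on failure. */
static int model_checkstack(ModelStack *s, size_t n) {
    if (s->top + n > MODEL_MAX_SLOTS) return 0;
    if (s->top <= s->size && s->size - s->top >= n) return 1;
    size_t want = s->size * 2 > s->top + n ? s->size * 2 : s->top + n;
    int *grown = realloc(s->slots, want * sizeof *grown);
    if (grown == NULL) return 0;
    s->slots = grown;
    s->size = want;
    return 1;
}

/* Like lua_newtable without API checks: the push itself never grows the stack. */
static void model_push(ModelStack *s) {
    if (s->top < s->size) s->slots[s->top] = 1; else s->oob++;
    s->top++;
}

/* Out-of-bounds writes caused by `pushes` pushes.
   reserve: 0 = never, 1 = all slots up front, 2 = one slot before each push. */
static size_t run_pushes(size_t pushes, int reserve) {
    ModelStack s;
    if (!model_open(&s)) return (size_t)-1;
    if (reserve == 1 && !model_checkstack(&s, pushes)) pushes = 0;
    for (size_t i = 0; i < pushes; ++i) {
        if (reserve == 2 && !model_checkstack(&s, 1)) break;
        model_push(&s);
    }
    size_t oob = s.oob;
    free(s.slots);
    return oob;
}
```

In real Lua 5.1, building with LUA_USE_APICHECK defined turns an unreserved push into an assertion failure at the offending call instead of silent heap damage that only surfaces in lua_close.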
